b" March 31, 2004\n Report No. 04-017\n\n\n Supervisory Actions Taken for\n Bank Secrecy Act Violations\n\n\n\n\n               AUDIT REPORT\nMaterial has been redacted from this document to\nprotect personal privacy, confidential or privileged\n                   information.\n\x0c                                                     TABLE OF CONTENTS\n\nBACKGROUND ................................................................................................................2\n    BSA Requirements for FDIC-Supervised Institutions ..............................................3\n    Examination Authority..............................................................................................3\n    Referrals to the Treasury Department .......................................................................4\n    Regulatory Actions for Noncompliance....................................................................4\nRESULTS OF AUDIT.......................................................................................................5\nFOLLOW-UP FOR BSA VIOLATIONS SHOULD BE STRENGTHENED .............7\n     Responsibilities Prescribed by BSA Laws, Regulations, and Policies....................8\n     The FDIC Process for Follow-up and Other Supervisory Actions..........................8\n       Handling of Repeat Violations ...........................................................................9\n       Follow-up on Violations ..................................................................................11\n       Inconsistencies in Describing Deficiencies and Citing Violations ...................13\n          Deficiencies Described and Cited as Violations...........................................13\n          Deficiencies Described and Not Cited As Violations...................................14\n       Handling of Violations Related to CTRs ..........................................................16\n       Handling of Referrals to the Treasury Department...........................................16\n     Timeliness of Follow-up and Other Supervisory Actions .....................................17\nCONCLUSION AND RECOMMENDATIONS...........................................................20\n    Recommendations ...................................................................................................21\nCORPORATION COMMENTS AND OIG EVALUATION .....................................21\n\nAPPENDIX I:       OBJECTIVE, SCOPE, AND METHODOLOGY.........................30\n     Objective................................................................................................................30\n     Scope and Methodology ........................................................................................30\n     Management Controls Reviewed...........................................................................33\n     Government Performance and Results Act............................................................34\n     Fraud and Illegal Acts............................................................................................35\n     Prior Audit Coverage.............................................................................................35\nAPPENDIX II: FDIC RULES AND REGULATIONS\n                  (12 C.F.R. SECTION 326.8) ON BSA COMPLIANCE\n                  AND FDIC GUIDELINES FOR MONITORING\n                  COMPLIANCE WITH SECTION 326.8.......................................37\nAPPENDIX III: CONTROL AND PERFORMANCE STANDARDS\n                   AND ASSOCIATED RISKS ..........................................................38\nAPPENDIX IV: AUTHORITY TO TAKE ENFORCEMENT ACTIONS FOR\n                  BSA VIOLATIONS .........................................................................39\nAPPENDIX V: BSA VIOLATIONS REPORTED FOR 41 SAMPLED\n                  FINANCIAL INSTITUTIONS ......................................................40\nAPPENDIX VI: SUMMARY OF BSA VIOLATIONS BY TYPE OF\n                  VIOLATION FOR 41 SAMPLED FINANCIAL\n                  INSTITUTIONS ...............................................................................41\nAPPENDIX VII: ACRONYMS ...................................................................................42\n\x0cAPPENDIX VIII: GLOSSARY .....................................................................................43\nAPPENDIX IX: CORPORATION COMMENTS ...................................................51\nAPPENDIX X: MANAGEMENT RESPONSES TO\n               RECOMMENDATIONS ..............................................................134\n\n\nTABLES\nTable 1: Analysis of Composite Rating and Asset Size for Institutions\n         for Which Regulatory Actions Were Imposed ...................................................10\nTable 2: Supervisory Actions Taken for Similar BSA Violations ...................................12\nTable 3: Time Taken to Address BSA Violations ............................................................17\nTable 4: FDIC-Supervised Financial Institutions With BSA Violations From\n         January 1, 1997 Through September 30, 2003 and\n         Financial Institutions With Repeat Violations Based on ViSION Data .............31\nTable 5: Financial Institutions Selected for Review.........................................................32\nTable 6: Performance Measures Related to Supervision and Examinations ....................35\n\x0c\x0cBACKGROUND\n\nThe Bank Secrecy Act of 1970, Public Law 91-508, codified to 31 U.S.C. Section 5311 et seq.,\nrequires financial institutions to maintain appropriate records and to file certain reports that are used\nin criminal, tax, or regulatory investigations or proceedings. Congress enacted the BSA to prevent\nbanks and other financial service providers from being used as intermediaries for, or to hide the\ntransfer or deposit of, money derived from criminal activity. The BSA\xe2\x80\x99s implementing regulation,\n31 Code of Federal Regulations (C.F.R.) Part 103, is used to aid law enforcement agencies in the\ninvestigation of suspected criminal activity such as illegal drug activities, income tax evasion, and\nmoney laundering4 by organized crime.\n\nThe BSA consists of two parts\xe2\x80\x94Title I, Financial Recordkeeping, and Title II, Reports of Currency\nin Foreign Transactions.\n\n         \xe2\x80\xa2    Title I authorizes the Secretary of the Treasury (Treasury Department)5 to issue\n              regulations requiring insured financial institutions to maintain certain records related to\n              financial transactions.\n\n         \xe2\x80\xa2    Title II directs the Treasury Department to prescribe regulations governing the reporting\n              of certain transactions by and through financial institutions in excess of $10,000 into,\n              out of, and within the United States. A financial institution must file a Currency\n              Transaction Report (CTR)6 with the Treasury Department for each cash transaction over\n              $10,000 or multiple cash transactions by an individual in 1 business day or over a\n              period of days aggregating over $10,000. The BSA also requires financial institutions\n              to file Suspicious Activity Reports (SARs) with the Treasury Department when\n              suspected money laundering activity or BSA violations occur.\n\nEmphasis on anti-money laundering efforts has risen significantly in recent years, especially since\nthe events of September 11, 2001. For example, in response to those events, the Congress enacted\nthe United and Strengthening America by Providing Appropriate Tools Required to Intercept and\nObstruct Terrorism Act of 2001, Public Law 107-56 (USA PATRIOT Act, hereafter referred to as\nthe PATRIOT Act), which expands the Treasury Department\xe2\x80\x99s authority initially established under\nthe BSA to regulate the activities of U.S. financial institutions, particularly their relations with\nindividuals and entities with foreign ties.7 The provisions of the PATRIOT Act were designed to\nfacilitate the prevention, detection, and prosecution of international money laundering and the\nfinancing of terrorism.\n\n\n\n4\n Money laundering is the process by which criminals or criminal organizations seek to disguise the illicit nature of their\nproceeds by introducing them into the stream of legitimate commerce and finance.\n5\n For reporting purposes, we will refer to the Secretary of the Treasury as the \xe2\x80\x9cTreasury Department.\xe2\x80\x9d\n6\n According to DSC\xe2\x80\x99s Manual of Examination Policies, Financial Recordkeeping and Reporting Regulations, dated\nFebruary 1999, law enforcement agencies have found CTRs to be useful in tracking cash generated by illicit drug\ntraffickers. Accordingly, comprehensive examination procedures have assisted in detecting possible money laundering\nresulting from drug trafficking in federally insured financial institutions.\n7\n Hereinafter, all references to the BSA will include the PATRIOT Act amendments.\n                                                             2\n                                        This Report Contains Confidential Information\n                       For Official Use Only                                   Restricted Information\n\x0cBSA Requirements for FDIC-Supervised Institutions\n\nSection 326.8(b) of the FDIC\xe2\x80\x99s Rules and Regulations, codified to 12 C.F.R. Part 326, requires each\nFDIC-supervised institution to develop and administer a program to ensure compliance with the\nBSA and 31 C.F.R. Part 103. The institutions\xe2\x80\x99 boards of directors must approve the compliance\nprogram in writing, and in accordance with Section 326.8(c), the program should include four\nminimum requirements:\n\n         \xe2\x80\xa2   a system of internal controls to assure ongoing compliance,\n         \xe2\x80\xa2   independent testing for compliance with the BSA and 31 C.F.R. Part 103 to be\n             conducted by bank personnel or an outside party,\n         \xe2\x80\xa2   designation of individual(s) responsible for coordinating and monitoring compliance\n             with the BSA, and\n         \xe2\x80\xa2   training in BSA requirements for appropriate personnel.\n\nAppendix II details the minimum requirements for FDIC-supervised financial institutions.\n\nExamination Authority\n\nThe Treasury Department has overall authority for BSA enforcement and compliance; however, its\nregulations delegate authority to financial institution regulatory agencies, including the FDIC, to\nexamine financial institutions for compliance. In this capacity, the FDIC has authority to\n(1) examine the institutions it supervises for compliance with the BSA, (2) refer BSA violations to\nthe Treasury Department, and (3) impose regulatory actions for BSA violations. The FDIC is also\nrequired by the Federal Deposit Insurance Act (FDI Act) to:\n\n         \xe2\x80\xa2   prescribe regulations requiring insured depository institutions to establish and maintain\n             procedures reasonably designed to ensure and monitor compliance with the BSA,\n         \xe2\x80\xa2   review such procedures during their examinations of these institutions, and\n         \xe2\x80\xa2   enforce compliance with the BSA monetary transaction recordkeeping and report\n             requirements.\n\nThe FDIC also issues regulations, Financial Institution Letters (FILs),8 and other guidance to the\nfinancial institutions that it supervises; updates Corporation examination and training materials; and\nensures that DSC examiners are adequately trained to monitor BSA compliance. DSC requires\nexaminers to use risk-focused examination procedures to assess BSA compliance.9 To accomplish\nthis, examiners may use (1) core procedures that are considered during the basic review,\n(2) expanded procedures that are used to target concerns identified during the basic review, and\n(3) impact analyses to assess the seriousness of identified deficiencies. To assess the impact of\n\n8\n The FDIC uses FILs to correspond with the financial institutions that it supervises. FILs may be issued for a variety of\nreasons, including notification of BSA requirements and other issues of principal interest to those responsible for\noperating a bank or savings association.\n9\n On August 15, 2003, the DSC issued interim guidance in Transmittal 03-042, Bank Secrecy Act Examination\nProcedures, updating the BSA risk-focused approach. The objective of this approach is to effectively evaluate the\nsafety and soundness of the bank, including the assessment of risk management systems, financial condition, and\ncompliance with applicable laws and regulations, while focusing resources on the bank\xe2\x80\x99s highest risks.\n                                                            3\n                                       This Report Contains Confidential Information\n                      For Official Use Only                                   Restricted Information\n\x0cdeficiencies identified during the basic and expanded reviews, examiners determine whether BSA\nviolations and weaknesses:\n\n       \xe2\x80\xa2   are serious and indicate the need for civil money penalties,\n       \xe2\x80\xa2   necessitate referrals to law enforcement agencies,\n       \xe2\x80\xa2   necessitate a cease and desist order for cases in which a mandatory BSA compliance\n           program was not established or maintained, and\n       \xe2\x80\xa2   affect the safety and soundness of the institution.\n\nAppendix III provides DSC\xe2\x80\x99s control and performance standards and the associated risks that\nexaminers may consider in assessing an institution\xe2\x80\x99s BSA compliance program.\n\nReferrals to the Treasury Department\n\nAccording to referral guidelines issued by the Treasury Department\xe2\x80\x99s Office of Financial\nEnforcement in October 1990, the Treasury Department has a zero tolerance level for violations of\nthe BSA but recognizes that BSA violations are of a varying nature. The guidelines were designed\nto assist the financial institution regulatory agencies in determining which BSA violations by banks\nwarrant referral to the Treasury Department \xe2\x80\x9cfor review and possible assessment of civil and/or\ncriminal penalties\xe2\x80\x9d because referrals had been made \xe2\x80\x9cthat were not significant enough to warrant\npenalties.\xe2\x80\x9d The guidelines do not define what constitutes a significant violation. Rather, the\nguidelines state, \xe2\x80\x9cBecause the determination process often is subjective, sound examiner judgment\nand experience also are required.\xe2\x80\x9d To assist with the determination process, the guidelines instruct\nexaminers to \xe2\x80\x9cassess all of the facts and circumstances surrounding the violations,\xe2\x80\x9d including\nwhether:\n\n       \xe2\x80\xa2   the violations represent an isolated incident caused by human error;\n       \xe2\x80\xa2   the deficiencies are indicative of significant noncompliance with the BSA and/or\n           systemic weaknesses in the institution\xe2\x80\x99s BSA compliance program;\n       \xe2\x80\xa2   the types and nature of the violations are serious;\n       \xe2\x80\xa2   the violations are the result of blatant, willful, or flagrant disregard for BSA\n           requirements;\n       \xe2\x80\xa2   there is a pattern of noncompliance with one or more sections of the regulations;\n       \xe2\x80\xa2   the violations result from inadequate policies, procedures, or training programs; and\n       \xe2\x80\xa2   the violations result from a nonexistent or seriously deficient compliance program.\n\nDSC procedures require examiners to use the Treasury Department\xe2\x80\x99s guidelines to determine when\na referral is appropriate.\n\nRegulatory Actions for Noncompliance\n\nFailure by a financial institution to comply with the BSA can result in regulatory sanctions by either\nthe Treasury Department or the FDIC. The BSA and its underlying regulations give the Treasury\nDepartment the authority to assess civil money penalties for violations and to authorize criminal\nprosecution. The FDIC is required to report all identified BSA violations to the Treasury\nDepartment and to refer violations that warrant penalties. Such referrals, however, do not preclude\n\n                                                         4\n                                    This Report Contains Confidential Information\n                   For Official Use Only                                   Restricted Information\n\x0cthe FDIC from taking regulatory action when BSA violations are identified. As cited in 12 U.S.C.\n1818(s), the FDIC shall issue a cease and desist order to any FDIC-supervised institution that fails\nto establish and maintain appropriate BSA procedures or to correct any previously reported problem\nwith the procedures. DSC Transmittal 92-094, Bank Secrecy Act Compliance Examinations, dated\nJuly 30, 1992, provides guidance for implementing this authority. Appendix IV summarizes the\nTreasury Department and FDIC authority for enforcing compliance with BSA requirements.\n\nRESULTS OF AUDIT\n\nThe FDIC needs to strengthen its follow-up process for BSA violations and has initiatives underway\nto reassess and update its BSA policies and procedures. Of the 5,662 financial institutions that the\nFDIC supervised on average for the period January 1, 1997 through September 30, 2003, FDIC\xe2\x80\x99s\ntracking system10 for BSA violations identified:\n\n         \xe2\x80\xa2   2,672 financial institutions, or approximately 47 percent, as being cited for one or more\n             BSA violations; and\n\n         \xe2\x80\xa2   458 financial institutions, or approximately 17 percent of the 2,672 institutions, as having\n             repeat BSA violations.11\n\nOf the sample of 41 institutions we selected to review, 27 had repeat violations.12 Of those 27,\n17 institutions (63 percent) were not subject to regulatory action for their repeat violations, although\nother supervisory efforts may have been in progress. Of the 10 institutions that were subject to\nregulatory action, only 1 was subject to a cease and desist order. DSC policy states that repeat\nviolations cannot be tolerated and that cease and desist orders should be initiated in such cases. In\naddition, Section 8(s) of the FDI Act states that, \xe2\x80\x9cIf the appropriate Federal banking agency\ndetermines that an insured depository institution \xe2\x80\xa6 has failed to correct any problem with the\n[BSA] procedures \xe2\x80\xa6 which was previously reported \xe2\x80\xa6 by such agency, the agency shall issue an\norder \xe2\x80\xa6 requiring such depository institution to cease and desist from its violation\xe2\x80\xa6.\xe2\x80\x9d However,\naccording to the FDIC\xe2\x80\x99s Legal Division, enforcement authority always involves some element of\ndiscretion, including consideration of the nature of the violation and supervisory judgment as to\n\n10\n  The DSC uses FDIC\xe2\x80\x99s Virtual Supervisory Information on the Net system (ViSION) to track apparent BSA violations\ncited in FDIC reports of examination. The DSC also uses ViSION to report BSA violations to the Treasury\nDepartment.\n11\n  Although ViSION identified 458 institutions as having repeat violations, DSC reported that violations involving\ndifferent sections of the regulation may be grouped under the same violation code in ViSION, thus incorrectly\nidentifying some violations as repeats. However, because ViSION is DSC\xe2\x80\x99s system for tracking apparent violations of\nBSA, ViSION was used to select the sampled institutions for our audit and to obtain a general estimate of the\npercentage of FDIC-supervised institutions with repeat violations. Of the 19 institutions in our sample that were\nselected because they were identified in ViSION as having repeat violations, we confirmed that 18 had repeat\nviolations.\n12\n  Our sample of 41 institutions included 22 institutions selected randomly by regional/area office and 19 institutions\njudgmentally selected because they were identified in ViSION as having repeat violations. As noted in footnote 11, we\nconfirmed that 18 of those 19 institutions had repeat violations. In addition, 9 of the 22 institutions that were selected\nrandomly also had repeat violations, resulting in 27 institutions with repeat violations. In addition, after issuance of the\ndraft report to DSC for written comment, the OIG identified one more institution that had a repeat violation. However,\nbecause the DSC did not have an opportunity to review the circumstances related to that repeat violation and provide a\nresponse, the OIG did not adjust the number of repeat institutions included in this report.\n                                                             5\n                                        This Report Contains Confidential Information\n                       For Official Use Only                                   Restricted Information\n\x0chow best to address the violation. Appendix V provides a recap of the institutions we reviewed, the\ntypes of BSA violations identified, whether the institutions were cited for repeat violations, and the\ntypes of regulatory actions taken.\n\nFor the 41 banks in our sample, we reviewed 82 reports13 that cited apparent and often multiple BSA\nviolations. For 25 (30 percent) of those 82 reports, the DSC waited until the next examination to\nfollow up on some or all of the BSA violations. In addition, we noted that not all BSA deficiencies\ndescribed in DSC\xe2\x80\x99s examination reports were cited in the violations section of the reports.14 Also,\nDSC\xe2\x80\x99s regional offices took various approaches to handling violations related to the filing of CTRs\nand to referring bank violations to the Treasury Department.\n\nWe also observed that DSC regional and field offices exercised wide discretion in deciding whether\nand when to follow up on the violations or take regulatory action. In some cases, more than 1 to\n5 years passed before (1) bank management took corrective action that was effective to prevent\nrepeat violations or (2) the DSC applied regulatory actions to address continuing violations.\nAdditionally, the FDIC typically alternates examinations with state banking authorities, but the state\nexaminations usually did not cover BSA compliance. As a result, 2 to 3 years can sometimes elapse\nuntil the next FDIC examination without any follow-up on BSA violations.\n\nAs a result of these conditions, the FDIC has not always ensured that all identified BSA violations\nhave been included and tracked in ViSION and, therefore, has not ensured complete reporting to the\nTreasury Department. Further, the FDIC\xe2\x80\x99s supervisory actions have not ensured to the greatest\nextent possible that institutions are in compliance with both the Treasury\xe2\x80\x99s and the FDIC\xe2\x80\x99s anti-\nmoney laundering requirements.\n\nIn responding to our observations, DSC officials explained that they focus their efforts on BSA\ncompliance based on their assessment of the risk of money laundering activity for their supervised\ninstitutions. DSC provided us with information on a number of cases not included in our sample for\nwhich they believed supervisory efforts were successful in addressing BSA concerns. Additionally,\nwe noted that DSC is taking steps to update its BSA guidance and is conducting a reassessment of its\nBSA-related policies and procedures. Furthermore, the FDIC is conducting a review of regulatory\nburden and is researching ways to reduce the burden of BSA filing requirements for financial\ninstitutions without hampering efforts to combat money laundering and terrorist financing.\n\n\n\n\n13\n  The 82 reports include 81 examination reports and 1 follow-up visitation report that cited at least one BSA violation\nfor the 41 sampled institutions and that were included in ViSION. The official draft report states that we reviewed 80\nexamination reports, but after issuance of the draft report to DSC for written comment, the OIG identified 2 additional\nexamination reports that cited BSA violations and had been included in our analyses.\n14\n   Based on discussions with DSC officials, cited violations are those violations included in the Violations of Laws and\nRegulations schedule of the examination reports and should be recorded in ViSION.\n                                                            6\n                                       This Report Contains Confidential Information\n                      For Official Use Only                                   Restricted Information\n\x0cFOLLOW-UP FOR BSA VIOLATIONS SHOULD BE STRENGTHENED\n\nFor most of the 82 reports with BSA violations in our sample, the DSC initiated timely follow-up\nand other supervisory actions or obtained timely evidence of bank corrective actions. However, in\nsome cases, BSA violations were repeatedly identified in multiple examination reports before bank\nmanagement took corrective action or the FDIC took regulatory action to address the repeat\nviolations. Further, for 25 (30 percent) of the examination reports, the DSC waited until the next\nexamination to determine whether a bank had corrected some or all of its violations. According to\none DSC official, each regional office exercises discretion in assessing bank compliance with BSA\nrequirements. The decision on whether and at what time to follow up on BSA violations is a\ndecentralized process and, in many cases, is based on the FDIC\xe2\x80\x99s view from experience that the\ninstitution represents a relatively \xe2\x80\x9clow risk\xe2\x80\x9d in terms of potential money laundering activities. This\ndecentralized process has resulted in a wide range of follow-up actions for BSA violations and of\nelapsed time before supervisory actions are taken. As a result, the BSA compliance programs of\nsome institutions have remained weak for extended periods.\n\nWe sampled 41 of the 2,672 financial institutions with BSA violations for detailed review. Of those\n41 institutions:\n\n       \xe2\x80\xa2   35 institutions (86 percent) were cited for violations related to the Treasury Department\xe2\x80\x99s\n           financial recordkeeping and reporting requirements as prescribed in 31 C.F.R. Part 103,\n           and\n\n       \xe2\x80\xa2   29 institutions (71 percent) were cited for deficient BSA programs that did not meet the\n           minimum requirements of the FDIC Rules and Regulations.\n\nRegarding the Treasury Department\xe2\x80\x99s Regulations at 31 C.F.R. Part 103, these financial institutions\nwere most frequently cited for:\n\n       \xe2\x80\xa2   failure to file CTRs for nonexempted transactions over $10,000 (22 institutions);\n       \xe2\x80\xa2   failure to maintain records on sales of monetary instruments of $3,000 through $10,000\n           (16 institutions);\n       \xe2\x80\xa2   failure to furnish information required in CTRs (14 institutions);\n       \xe2\x80\xa2   untimely filing of CTRs or failure to retain CTRs for 5 years (13 institutions); and\n       \xe2\x80\xa2   failure to treat multiple transactions totaling over $10,000 as a single transaction\n           (10 institutions).\n\nRegarding the FDIC\xe2\x80\x99s Rules and Regulations Section 326.8, the 41 financial institutions in our\nsample were most frequently cited for:\n\n       \xe2\x80\xa2   lack of independent testing of BSA compliance (16 institutions),\n       \xe2\x80\xa2   failure to develop or implement an adequate BSA compliance program (15 institutions),\n       \xe2\x80\xa2   inadequate system of internal controls for BSA compliance (10 institutions), and\n       \xe2\x80\xa2   failure to provide adequate BSA training (7 institutions).\n\n\n\n                                                         7\n                                    This Report Contains Confidential Information\n                   For Official Use Only                                   Restricted Information\n\x0cAppendix VI summarizes the types of BSA violations and the numbers of institutions that had\nviolations for the 41 sampled financial institutions for the period January 1, 1997 through\nSeptember 30, 2003. These BSA violations included those recorded in ViSION and those not\nrecorded in ViSION that had been cited in examination reports.\n\nResponsibilities Prescribed by BSA Laws, Regulations, and Policies\n\nBased on our review of applicable BSA laws, regulations, and policies, the DSC is responsible to\ntake the following steps in identifying and addressing BSA violations:\n\n       \xe2\x80\xa2   Examine FDIC-supervised institutions for compliance (12 U.S.C. 1818(s), Compliance\n           with Monetary Transaction Recordkeeping and Report Requirements; 31 C.F.R.\n           103.56(b), Enforcement; Section 10(b), Examinations, of the FDI Act; and 12 C.F.R.\n           337.12, Frequency of Examinations, of the FDIC Regulations and Statements of General\n           Policy).\n\n       \xe2\x80\xa2   Identify and report BSA violations in reports of examination and report the violations to\n           Treasury (DSC Transmittal 92-094, dated July 30, 1992; and Manual of Examination\n           Policies, Financial Recordkeeping and Reporting Regulations, Section 9.4).\n\n       \xe2\x80\xa2   Give institutions an opportunity to correct violations within a reasonable period after\n           being notified of violations (DSC Transmittal 92-094, dated July 30, 1992).\n\n       \xe2\x80\xa2   Verify corrective measures with a follow-up visitation/examination if needed (DSC\n           Transmittal 92-094).\n\n       \xe2\x80\xa2   Initiate a cease and desist order if an institution has failed to establish or maintain BSA\n           procedures or failed to correct any previously reported problem with the procedures (12\n           U.S.C. 1818(s) and DSC Transmittal 92-094).\n\n       \xe2\x80\xa2   Impose civil money penalties for violations of cease and desist orders\n           (12 U.S.C. 1818(i)(2)(ii)).\n\n       \xe2\x80\xa2   Refer significant violations to the Treasury Department (Bank Secrecy Act Referral\n           Guidelines for Financial Institutions, as incorporated into DSC Transmittal 91-020,\n           dated January 31, 1991).\n\n\nThe FDIC Process for Follow-up and Other Supervisory Actions\n\nThe FDIC does not have a standard, nondiscretionary approach for determining when and how to\nfollow up on BSA violations. The process used to identify, track, and report BSA violations is\ndecentralized and is based on the judgment of DSC examiners, field office supervisors, case\n\n\n\n\n                                                        8\n                                   This Report Contains Confidential Information\n                  For Official Use Only                                   Restricted Information\n\x0cmanagers, and regional office management.15 DSC officials stated that they apply a risk-focused\napproach to BSA compliance, taking into consideration the specific demographics of each financial\ninstitution when deciding whether to pursue supervisory actions and the type of action necessary.\nAccording to DSC, those demographics may include the \xe2\x80\x9coverall profile\xe2\x80\x9d of an institution, including\nits location, asset size, history of bank management in taking corrective actions, history of violations,\nsize of bank staff, assessment of risk related to anti-money laundering and the BSA, and composite\nrating. Nevertheless, our review of DSC\xe2\x80\x99s examinations for the sampled banks raised concerns\nabout instances where the FDIC:\n\n        \xe2\x80\xa2    did not take regulatory or enforcement actions for repeat violations, or\n\n        \xe2\x80\xa2    waited until the next examination to follow up on violations and verify whether\n             corrective actions taken by bank management were effective.\n\nIn addition, we noted that DSC examiners sometimes cited BSA deficiencies in the violations\nsection of the examination reports and other times did not. We also noted that DSC\xe2\x80\x99s regional\noffices took varying approaches for handling violations related to the filing of CTRs and for\nreferring institution violations to the Treasury Department.\n\nHandling of Repeat Violations\n\nWith respect to regulatory actions, the DSC imposed such actions on 10 (37 percent) of the\n27 institutions we sampled that had repeat violations and on 1 institution that did not have repeat\nviolations. Of those 11 institutions for which regulatory actions were imposed:\n\n         \xe2\x80\xa2    a cease and desist order was imposed for one institution,\n         \xe2\x80\xa2    memorandums of understanding were imposed for six institutions,\n         \xe2\x80\xa2    bank board resolutions were imposed for four institutions, and\n         \xe2\x80\xa2    a state determination letter was imposed for one institution.16\n\nTen of these institutions had violations that related to both Treasury Department\xe2\x80\x99s Part 103 and the\nFDIC\xe2\x80\x99s Section 326.8, and one institution had violations related to Treasury Department\xe2\x80\x99s Part 103.\n\nAs shown in Table 1 on the next page, the regulatory actions were taken for institutions with varying\ncomposite ratings and a wide range of asset sizes.\n\n\n\n\n15\n  One FDIC area office uses a BSA Watchlist to assist in monitoring compliance with BSA-related laws and\nregulations. DSC officials stated that for those institutions that are included on the watchlist, a follow-up visitation\nshould be performed 6 months to 1 year after the examination that prompted inclusion, and an on-site follow-up should\noccur at least every 12 months thereafter until removal from the watchlist. Removal from the watchlist is considered if\nthe on-site follow-up confirms adequate correction of prior BSA deficiencies.\n16\n   The numbers total 12 because for 1 institution, both a memorandum of understanding and a bank board resolution had\nbeen imposed.\n                                                            9\n                                       This Report Contains Confidential Information\n                      For Official Use Only                                   Restricted Information\n\x0cTable 1: Analysis of Composite Rating and Asset Size for Institutions for Which Regulatory\nActions Were Imposed\n                                                 Number Of                  Type Of Regulatory Action Taken\n                                               Institutions For\n                                                                             Number of               Number of\n                                              Which Regulatory\n                                                                          Institutions with       Institutions with\n   Composite         Range Of Asset             Actions Were\n                                                                          Informal Action          Formal Action\n     Ratinga         Sizeb (millions)              Imposed\nComposite              $5 - $122                       4                           4                     0\nrating \xe2\x80\x9c2\xe2\x80\x9d\nComposite             $23 - $190                         4                         4                     0\nrating \xe2\x80\x9c3\xe2\x80\x9d\nComposite             $10 - $72                          3                         2                     1\nrating \xe2\x80\x9c4\xe2\x80\x9d\nTOTALS                                                   11                        10                    1\na\n The composite ratings are those at time of violation for which enforcement action was issued.\nb\n Asset size is based on September 30, 2003 data obtained from the FDICnet Institution Information/Institution\nDirectory.\nSource: OIG review of the Formal and Informal Action Tracking System (FIAT) data, reports of examination,\nsupplemental information provided by the DSC, and the FDICnet Institution Information/Institution Directory.\n\n\n\nAlthough regulatory actions were taken for 10 of the 27 institutions in our sample that had repeat\nviolations, regulatory actions were not imposed for the other 17 institutions that had repeat\nviolations. DSC\xe2\x80\x99s memorandum on Bank Secrecy Act Compliance Examinations (Transmittal\nNumber 92-094) states that repeat violations cannot be tolerated. Furthermore, FDI Act section 8(s),\ncodified at 12 U.S.C. 1818(s), states, \xe2\x80\x9cthe agency shall issue an order \xe2\x80\xa6 to cease and desist\xe2\x80\x9d when\nthe institution \xe2\x80\x9chas failed to correct any problem with the [BSA] procedures \xe2\x80\xa6 previously reported\nto the depository institution\xe2\x80\xa6.\xe2\x80\x9d Nevertheless, a cease and desist order was issued to only\n1 institution in our sample that had repeat violations; 17 institutions (63 percent of the institutions in\nour sample) with repeat violations were not subject to regulatory action by the FDIC.\n\nAccording to the FDIC\xe2\x80\x99s Legal Division, enforcement authority always involves some element of\ndiscretion. Such discretion may include consideration of the nature of the violation, supervisory\njudgment as to how best to address the violation, whether to apply formal or informal action, and\nconsideration of workload priorities and resource constraints. Also, the Legal Division indicated\nthat Section 8(s) establishes two key factors for consideration: (1) has the institution established a\nBSA program? and (2) are there any problems with the program? Minor violations that are not\ncovered by one of these factors would not merit a cease and desist order under Section 8(s).\nHowever, of the 17 institutions with repeat violations that were not subject to regulatory action, only\n2 institutions did not have program violations.\n\nThe DSC\xe2\x80\x99s Formal and Informal Action Procedures Manual does not specifically address BSA\nviolations, yet it does state that the belief that bank management has recognized deficiencies and will\ntake corrective action(s) is not sufficient, in and of itself, to preclude taking regulatory action. In\ndetermining the appropriate regulatory action, DSC officials explained that, in the context of a risk-\nfocused examination, they consider several areas: bank management\xe2\x80\x99s willingness to address\nsupervisory concerns and management\xe2\x80\x99s history of responding to those concerns, demonstration of a\n\n                                                             10\n                                       This Report Contains Confidential Information\n                      For Official Use Only                                   Restricted Information\n\x0cgood faith effort at correcting noted deficiencies, the condition of the institution, the overall risk\nposed by the identified weaknesses, and other factors.\n\nFollow-up on Violations\n\nDSC\xe2\x80\x99s process for following up on violations cited in reports of examination includes:\n\n         \xe2\x80\xa2    a request for the report to be considered in the bank\xe2\x80\x99s next board meeting, with a record\n              of actions taken entered into the minutes;\n         \xe2\x80\xa2    a request for bank management to provide a response indicating the actions taken to\n              eliminate each cited violation or deficiency; and\n         \xe2\x80\xa2    follow-up of the corrective actions at the next examination.\n\nBecause of the significance of BSA violations, we checked whether follow-up occurred before the\nnext examination. Specifically, for the institutions included in our sample, we checked how often\nand by what method DSC followed up on whether corrective actions had been taken. We\nconsidered evidence related to DSC\xe2\x80\x99s follow-up actions or the banks\xe2\x80\x99 corrective actions and\ninformation from the Treasury Department. As a result of our analysis of the process and our\nreview of the 82 reports that cited apparent BSA violations, we found that:\n\n        \xe2\x80\xa2    For 20 reports, DSC followed up or pursued regulatory action for certain violations\n             before the next examination, including additional correspondence, visitations, and\n             regulatory actions such as bank board resolutions, memorandums of understanding, or\n             cease and desist orders.\n\n        \xe2\x80\xa2    For 42 reports, DSC received evidence from bank management, Treasury\xe2\x80\x99s Financial\n             Crimes Enforcement Network (FinCEN), or the Internal Revenue Service (IRS) that\n             certain violations had been corrected before the next examination, and in many of these\n             instances, corrective action took place before the examination was completed.\n\n        \xe2\x80\xa2    For 25 reports, DSC waited until the next examination to assess the adequacy of bank\n             corrective actions for certain violations.17\n\nIn one case, a subsequent state examination followed up on violations cited by the DSC and pursued\nthe matter until the bank took corrective action. Most state examinations, however, did not cover\nBSA compliance.\n\nTable 2 provides examples of the variety of follow-up and regulatory actions taken by the FDIC to\naddress BSA violations. These examples are specifically related to violations cited for FDIC\xe2\x80\x99s Rules\nand Regulations Section 326.8. Appendix II provides a detailed description of the requirements in\nFDIC\xe2\x80\x99s Rules and Regulations Section 326.8.\n\n\n\n\n17\n  Note that the numbers do not total 82 because DSC used different follow-up actions for some examination reports that\ncited multiple violations.\n                                                           11\n                                       This Report Contains Confidential Information\n                      For Official Use Only                                   Restricted Information\n\x0c      Table 2: Supervisory Actions Taken for Similar BSA Violations\n      INSTITUTION\n    IDENTIFICATION              VIOLATION                                                  SUPERVISORY ACTIONS\n       NUMBER*\n            4                  326.8(b)             The violation was cited during an ******, 1997 examination. It is a repeat violation initially cited\n                                                    during the institution\xe2\x80\x99s *********, , 1996, examination. A bank board resolution (BBR) was\n                                                    adopted ********, 1998, more than 2 years after initial citation.\n              12               326.8(b)             Violation was initially cited during the ********* 1998 examination for a combination of\n                                                    deficiencies in the bank\xe2\x80\x99s BSA Compliance program, including lack of independent testing. Bank\n                                                    officials informed the FDIC that the 1998 violation had been corrected prior to the state 1999\n                                                    examination by having a Certified Public Accounting firm conduct independent testing in ****\n                                                    1998. The 1999 state examination did not identify any BSA violations. The bank was cited for a\n                                                    repeat violation during the FDIC examination on **********, 2000 because independent testing\n                                                    had not been conducted since 1998 and the bank had not kept the BSA program current and\n                                                    approved annually. The *********, 2002 state examination cited the bank for lack of independent\n                                                    testing because no testing had been conducted since 1998. The ******, 2003 examination did not\n                                                    report this violation. No supervisory action was taken by the FDIC. FDIC officials stated \xe2\x80\x9c. . .\n                                                    that it should be noted that Part 326 does not specify the frequency of the required independent\n                                                    testing. The Guidelines for Monitoring Bank Secrecy Act Compliance (issued by FIL 29-96)\n                                                    indicate that annual testing should be conducted, but guidelines cannot be \xe2\x80\x9cviolated\xe2\x80\x9d \xe2\x80\x93 there can\n                                                    be violations only of regulations.\xe2\x80\x9d\n              15               326.8(b)             As a result of violations related to safety and soundness, the FDIC and bank management signed a\n                                                    memorandum of understanding (MOU) on ******, 1999, which placed numerous requirements on\n                                                    the institution for compliance. Although the MOU did not specifically address BSA violations, it\n                                                    did refer to the requirement to correct violations of all laws. After the ********, 2000\n                                                    examination during which BSA violations were reported, the FDIC continued the MOU. The\n                                                    institution\xe2\x80\x99s progress report for **** 2000 indicated that all violations had been corrected. The\n                                                    MOU was terminated ********, 2001.\n              1                326.8(c)(2)          The violation was reported during the *********, 2000 FDIC examination. Based on that\n                                                    examination, bank management agreed to have testing performed in ******** 2000. However,\n                                                    the violation was identified as a repeat violation during the *********, 2002 state examination.\n                                                    Bank management provided evidence that the independent testing was completed on ******** ,\n                                                    2002\xe2\x80\x94almost 2 years after initial citation.\n              19               326.8(c)(2)          Violation was initially cited during the *********, 1999 examination and was repeated during the\n                                                              2001 and *********, 2003 examinations. As a result of the****** , 2001 examination,\n                                                    the state regulatory agency placed the bank under a Determination Letter, which was related to\n                                                    various safety and soundness concerns and required the bank to correct all violations of law,\n                                                    including the apparent BSA infractions. The institution was required to provide quarterly progress\n                                                    reports. The ********, 2003 quarterly report indicated that the BSA violation had been addressed\n                                                    and reviewed. The next examination conducted in *** 2003 indicated that all BSA violations had\n                                                    been corrected, and no additional violations were cited.\n              29               326.8 BSA            Violations of 326.8(b) BSA Compliance Program and 326.8(c)(2) lack of independent testing\n                               Compliance           were cited during the 1998 examination, and a violation of 326.8(b) was cited during the 2000\n                               Program and          examination. FDIC\xe2\x80\x99s comments for this institution indicated that officials did not consider the\n                               326.8(c)(2)          violations to be systemic; bank management promised appropriate action; and given the positive\n                                                    relationship with the regulatory agencies in the past, there was no reason to think that corrective\n                                                    action would not be taken; and enforcement action did not appear warranted. Further, FDIC\n                                                    officials stated that bank management was able to demonstrate a good faith effort at correcting the\n                                                    noted deficiencies and that although it took two examination cycles to clear the violations,\n                                                    improvement was noted at each examination.\n              33               326.8(c)(2)          Violation was cited during the ******* , 2001 examination. The institution provided evidence\n                                                    that corrective action was taken 14 months after the examination.\n              37               326.8(c)(2)          Violation was first cited during the ****** 1997 examination and was included as repeat violation\n                                                    during the *******, 1999 and********, 2002 examinations. The FDIC issued a cease and desist\n                                                    order effective *******, 2002, pursuant to Section 8(s)\xe2\x80\x94over 5 years after initial citation\xe2\x80\x94solely\n                                                    for violations related to lack of independent testing and employee training for BSA. The FDIC\n                                                    conducted a visitation on **********, 2002 and determined the bank to be in substantial\n                                                    compliance with most provisions of the order. The order was terminated ***********, 2002.\n*\n  The number shown in this column represents the identification number assigned for the institution. Since most of the institutions included in the OIG\nsample are open banks, the names of the institutions are not used for identification purposes. The numbers correspond with data shown in Appendix V.\n\n                                                                             12\n                                                 This Report Contains Confidential Information\n                                For Official Use Only                                   Restricted Information\n\x0cSource: OIG review of ViSION data, reports of examination, and supplemental information provided by DSC regional and area office officials.\n      As evidenced by Table 2, supervisory approaches and the time taken for follow-up on BSA\n      violations varied.\n\n      Inconsistencies in Describing Deficiencies and Citing Violations\n\n      In reviewing DSC\xe2\x80\x99s reports of examination, we observed several instances of BSA deficiencies\n      described in the reports but not cited in the Violations of Laws and Regulations section of the\n      reports. On the other hand, we also noted instances of similar BSA deficiencies that were cited as\n      violations. Deficiencies that are described in the reports of examination not cited as violations\n      may receive less attention from bank management or in follow-up by the DSC. According to\n      DSC officials, the examiners exercise judgment in determining the significance of BSA concerns.\n      That judgment includes determining whether the weaknesses constitute:\n\n                  \xe2\x80\xa2    apparent violation of laws or regulations, meriting inclusion in the violations section\n                       of the examination report, or\n\n                  \xe2\x80\xa2    noncompliance with DSC guidelines, meriting only mention in the report as matters\n                       for bank management\xe2\x80\x99s attention, which may be sufficient to eliminate concern.\n\n      For example, DSC officials stated that citing an institution for a lack of independent testing would\n      be appropriate if no testing was being conducted; however, the institution would not be cited in\n      cases in which independent testing was being conducted but the frequency or areas of coverage\n      could be enhanced. However, we noted several instances of inconsistency in the handling of BSA\n      deficiencies.\n\n      Deficiencies Described and Cited as Violations\n\n      During an examination conducted in **** 2003, a bank was cited for\n\n            \xe2\x80\xa2    failure to develop a BSA compliance program and provide for the continued\n                 administration of such program because the bank had weak internal controls and did not\n                 provide annual independent testing,\n\n            \xe2\x80\xa2    lack of independent testing of BSA compliance because the bank\xe2\x80\x99s BSA policy did not\n                 address annual independent testing, and\n\n            \xe2\x80\xa2    failure to provide adequate BSA training because the bank\xe2\x80\x99s BSA policy did not address\n                 annual training to be provided to all employees.\n\n      In addition, the management assessment section of the examination report stated that an outside\n      firm had performed a limited review of BSA and recommended that the scope of independent\n      testing be expanded.\n\n      In another example, during a *** 2000 examination, examiners cited a bank for lack of\n      independent testing. The examination report noted that the bank\xe2\x80\x99s BSA policy provided for a\n\n                                                                           13\n                                                This Report Contains Confidential Information\n                               For Official Use Only                                   Restricted Information\n\x0csystem of independent testing for compliance with the BSA, but that independent testing had not\nbeen conducted. Additionally, the report stated that the independent review did not address\nexemptions,18 a test of the bank\xe2\x80\x99s recordkeeping system and the recordkeeping requirements for\nwire transfers and the sale of monetary instruments.\n\nDuring an ****** 2000 examination, a bank was cited for overall noncompliance with the BSA\ncompliance program requirements because of noted \xe2\x80\x9cweaknesses\xe2\x80\x9d in the bank\xe2\x80\x99s training efforts\nand independent testing procedures. The report further stated that while independent testing was\nnot conducted in 1998 or 1999, the testing that was conducted in 2000 was too narrow in scope\nand did not review wire transfer activity. The examiner cited the bank for failure to develop or\nimplement an adequate BSA compliance program, indicating overall noncompliance with BSA\nregulations, and did not limit the violation specifically to a lack of independent testing.\n\nDeficiencies Described and Not Cited as Violations\n\nIn contrast to deficiencies cited as violations, we noted instances in which significant\ndeficiencies were described by examiners but were not cited as specific violations:\n\n        In a **** 1997 examination report, DSC did not cite a bank for lack of independent\n        testing even though the report specifically stated that bank management did not adhere to\n        the policy guideline that required comprehensive audits of the BSA function. In addition,\n        the report stated that certain transactions (currency) were not properly reported and that\n        numerous errors in transaction reports were the result of the inadequate review and audit\n        procedures. These deficiencies resulted in several violations cited in the 1997 report,\n        such as failure to file CTRs, failure to properly document CTRs, and inadequate\n        verification of customers\xe2\x80\x99 identification, but not lack of independent testing. Further, the\n        2000 examination report stated that (1) the lack of independent testing of the BSA\n        program and weaknesses in internal reviews of CTRs resulted in apparent violations,\n        (2) the apparent violations related to the failure to provide for independent testing of the\n        BSA program and the filing of CTRs with incomplete and inaccurate information, and\n        (3) the independent testing deficiency was noted at the 1997 examination and remains\n        uncorrected. The examiners cited the institution for failure to develop or implement an\n        adequate BSA compliance program. For the subsequent examinations conducted in 2001\n        by the state regulatory agency and in 2002 by the FDIC, no violations related to\n        independent testing were noted. The state examination noted that independent testing\n        was being performed.\n\n        In another examination report for an ****** 1997 examination, examiners described the\n        bank\xe2\x80\x99s BSA compliance program as severely lacking and further stated that there were\n        serious deficiencies in the program. The examination report indicated that the BSA\n        compliance program did not address record retention; internal procedures for detection,\n        prevention, and reporting of large currency transactions and suspicious transactions\n        related to money laundering activities; or written procedural guidelines for meeting the\n        reporting and recordkeeping requirements of the BSA regulations. In addition, examiners\n\n18\n The term \xe2\x80\x9cexemption\xe2\x80\x9d refers to instances in which banks are not required to file CTRs for transactions by certain\ncategories of \xe2\x80\x9cExempt Persons.\xe2\x80\x9d Exemptions are further defined in Appendix VIII.\n                                                         14\n                                     This Report Contains Confidential Information\n                    For Official Use Only                                   Restricted Information\n\x0c       noted that the program lacked an effective system of internal controls to ensure ongoing\n       compliance. Further, examiners noted that no formal auditing procedures were evidenced\n       that would confirm the integrity and accuracy of the systems for reporting large currency\n       transactions. The bank\xe2\x80\x99s internal auditor did perform a limited review, but did not\n       include a review of tellers\xe2\x80\x99 work or independent testing of currency transactions. Audit\n       procedures also were lacking for adherence to recordkeeping and/or retention\n       requirements. As a result of this examination, the bank was cited in the violations section\n       of the examination report only for an inadequate system of internal controls and various\n       violations related to Treasury Department\xe2\x80\x99s Part 103. The bank\xe2\x80\x99s deficiencies related to\n       the lack of independent testing did not result in the citation of an apparent violation. In a\n       joint examination conducted in 1998, the institution was cited for a lack of independent\n       testing, an inadequate system of internal controls, and a violation related to Treasury\n       Department\xe2\x80\x99s Part 103.\n\n       In a ****** 2003 report of examination, examiners stated that the frequency of\n       independent testing was inadequate and that the frequency of testing should be increased\n       to monitor the integrity of internal controls and procedures and assure compliance with\n       related regulations and bank policy. The report also described deficiencies related to an\n       inadequate system of internal controls. The examiners recommended that both the\n       manual cash log and the automated system be used to ensure CTRs were filed and that\n       tellers received training on the sequencing of cash transactions. However, the bank was\n       not cited for a lack of internal controls to address the identified deficiencies or a lack of\n       independent testing. Although a BSA data entry form was attached to the back of the\n       examination report, indicating a citation for the lack of independent testing, the violation\n       was not included in the violations section of the examination report and did not appear in\n       ViSION. The bank was cited only for one violation\xe2\x80\x94failure to file CTRs.\n\nDSC officials stated that banks are not required to conduct independent testing on an annual\nbasis, although annual testing is recommended in DSC Guidelines for Monitoring Bank Secrecy\nAct Compliance, dated August 1, 1996. DSC officials stated that because Section 326.8(c) states\nthat independent testing should be conducted by bank personnel or an outside party and does not\nspecifically require \xe2\x80\x9cannual\xe2\x80\x9d testing, BSA weaknesses involving a lack of annual testing should\nnot be cited as violations. DSC officials added that banks cannot violate \xe2\x80\x9cguidelines\xe2\x80\x9d\xe2\x80\x94rather,\nviolations should be cited for noncompliance of laws or regulations only. However, our review\nof examination reports indicated that examiners were not consistent in this area. When citing\nviolations related to independent testing, the examiners sometimes stated in their reports that\nbanks were required to perform annual testing and used the DSC\xe2\x80\x99s guidelines rather than the\nregulations as the basis for citing such violations. DSC officials also stated that banks would not\nnecessarily be cited for a violation of independent testing if at least some testing was being\nconducted; however, examiners did cite some violations when testing needed to be expanded.\n\nDSC officials also stated that examination reports go through multiple levels of review.\nSpecifically, officials stated that the reports of examination are reviewed at the field supervisory\nand case manager level, and by regional office management, who all have the opportunity to\nreclassify these deficiencies as violations if they think a case warrants such reclassification. In\naddition, DSC officials stated that examiners are expected to use their judgment in determining\n\n                                                       15\n                                   This Report Contains Confidential Information\n                  For Official Use Only                                   Restricted Information\n\x0cwhether BSA deficiencies should be cited as violations. Officials added that examiners include\nthese deficiencies in reports of examination as a means to bring those issues to bank\nmanagement\xe2\x80\x99s attention. Further, bank management is required to address not only the cited\nviolations, but also weaknesses that are described in reports of examinations.\n\nHandling of Violations Related to CTRs\n\nWe also noted variations in the handling of violations related to CTRs. While conducting\nexaminations, examiners identified instances in which financial institutions had improperly\nexempted customers from currency transaction reporting requirements or otherwise failed to file\nCTRs in accordance with 31 C.F.R. Part 103. According to DSC Transmittal 1993-149,\nExtension of Filing Deadline for Currency Reports Filed Transaction on Magnetic Tape, dated\nOctober 14, 1993, CTRs must be filed with the IRS within 15 days following the date of the\ntransaction (25 days if the financial institution files electronically). For those institutions that did\nnot file CTRs within the specified timeframe, FinCEN requests that examiners have bank\nofficials request permission to backfile CTRs. DSC regional offices did not handle violations\nrelated to the backfiling of CTRs in a consistent manner. Some offices required the institutions\nto request permission to backfile, while other offices allowed the institutions, in cases that\ninvolved one or two CTRs, to file without requesting permission to backfile.\n\nHandling of Referrals to the Treasury Department\n\nDSC referrals of bank violations to the Treasury Department were infrequent. According to\ninformation provided by the DSC, 34 referrals were made from January 1, 1997 to\nDecember 31, 2003, and 28 referrals (82 percent) were made by 1 DSC regional office. DSC\nofficials added that since the FDIC reports summary information on BSA violations to the\nTreasury Department through ViSION, Treasury sometimes requests copies of applicable\nexamination reports based on Treasury\xe2\x80\x99s analysis of the violations. The following actions have\nresulted from the referrals made by the FDIC from January 1, 1997 through December 31, 2003\n\n        \xe2\x80\xa2   27 institutions received cautionary letters or letters of warning from the Treasury\n            Department,\n\n        \xe2\x80\xa2   1 institution received a civil money penalty,\n\n        \xe2\x80\xa2   3 referrals were resolved by other means, and\n\n        \xe2\x80\xa2   3 referrals were still open.\n\nThe Treasury Department\xe2\x80\x99s 1990 referral guidelines state that one of the reasons the guidelines\nwere issued was that referrals had been made that were not significant enough to warrant\npenalties. Consequently, it may be advisable for DSC to discuss the referral guidelines with the\nTreasury Department and to request clarification. Treasury\xe2\x80\x99s priorities and approaches to\npenalties for BSA violations may have changed since the guidelines were issued over 13 years\nago.\n\n\n                                                       16\n                                   This Report Contains Confidential Information\n                  For Official Use Only                                   Restricted Information\n\x0cTimeliness of Follow-up and Other Supervisory Actions\n\nThe timeliness of follow-up and other supervisory actions varied among the regional and area\noffices. The time period ranged from immediate (during the examination process) to over 5 years\nfor bank management corrective action, FDIC verification of corrective action, or FDIC\nregulatory action. During the extended time frames, subsequent examinations determined that\nsome previously cited BSA violations remained uncorrected even though bank management may\nhave indicated it would take corrective action.\n\nFor 27 of the 41 financial institutions we reviewed, the examination reports or supplemental\ninformation provided by DSC showed that bank management promptly addressed certain BSA\nviolations during the examinations or within a 12-month period after the examinations as noted\nbelow:\n\n        \xe2\x80\xa2   Violations at 14 institutions related to the Treasury Department\xe2\x80\x99s Part 103 only -- the\n            financial recordkeeping and reporting requirements for CTRs and exemption status\n            for specific customers;\n        \xe2\x80\xa2   Violations at 4 institutions related to Treasury Department\xe2\x80\x99s Part 103 and the FDIC\xe2\x80\x99s\n            Section 326.8.\n        \xe2\x80\xa2   Violations at 4 institutions related to Treasury Department\xe2\x80\x99s Part 103, the FDIC\xe2\x80\x99s\n            Section 326.8, and Section 353.3.\n        \xe2\x80\xa2   Violations at 3 institutions related to the FDIC\xe2\x80\x99s Rules and Regulations,\n            Section 326.8 only.\n        \xe2\x80\xa2   Violations at 2 institutions related to the Treasury Department\xe2\x80\x99s Part 103 and the\n            FDIC\xe2\x80\x99s Rules and Regulations, Section 353.3.\n\nIn other cases, bank management did not take action to correct cited BSA violations within a 12-\nmonth period. In these cases, more than 1-5 years elapsed before bank management took\ncorrective action or the FDIC took regulatory action to address the violations as shown in\nTable 3. These cases included violations cited for both Treasury\xe2\x80\x99s Part 103 and the FDIC\xe2\x80\x99s\nRules and Regulations, Section 326.8 and Section 353.3.\n\nTable 3: Time Taken to Address BSA Violations\n    LENGTH OF TIME FOR ACTION                 NUMBER OF INSTITUTIONS*\n            12 months or less                           27\n            13 months-24 months                         13\n            25 months-36 months                         16\n            37 months-48 months                         10\n            49 months-60 months                          1\n            More than 60 months                          8\n*\n The number of institutions will exceed the 41 sampled institutions because the length of time varied for\ninstitutions with multiple BSA violations.\nSource: OIG analysis of ViSION data and review of evaluation reports and supplemental information provided\nby DSC for the 41 sampled institutions.\n\n\n\n\n                                                       17\n                                   This Report Contains Confidential Information\n                  For Official Use Only                                   Restricted Information\n\x0cDSC officials stated that follow-up on BSA violations often occurs at the next FDIC examination\nrather than between examinations. Although the FDIC can conduct visitations between regularly\nscheduled examinations, we identified only a few visitations based on information provided by\nthe DSC that addressed BSA violations.\n\nGenerally, the FDIC alternated examinations of the sampled institutions with state regulatory\nagency examinations for those institutions. However, 45 of the 72 examination reports we\nreviewed from state regulatory agencies did not specifically address BSA compliance.\nTherefore, the FDIC could not rely on those examinations to determine whether bank\nmanagement took corrective actions to address previously cited violations or to identify any new\nBSA violations. Consequently, follow-up by the FDIC on some previously cited BSA violations\ndid not occur until the next FDIC examination, generally 24 to 36 months after the violations\nwere initially identified.\n\nThe following examples illustrate inadequate follow-up on BSA violations and regulatory\nactions imposed and the timeliness of those actions.\n\n          \xe2\x80\xa2    During a joint examination conducted in ****** 1997, examiners identified significant\n               deficiencies in the bank\xe2\x80\x99s BSA policies and operating procedures. Examiners\n               concluded that the bank\xe2\x80\x99s BSA compliance program was inadequate and in immediate\n               need of revision. The bank was cited for:\n\n                      \xc2\x83   failure to have an adequate written bank board of directors-approved BSA\n                          compliance program,\n                      \xc2\x83   lack of independent testing of BSA compliance,\n                      \xc2\x83   failure to designate individuals responsible for BSA compliance,\n                      \xc2\x83   failure to provide adequate BSA training\xe2\x80\x94overall noncompliance with the\n                          FDIC\xe2\x80\x99s Section 326.8 minimum requirements\xe2\x80\x94and\n                      \xc2\x83   one violation related to Treasury\xe2\x80\x99s Part 103.\n\n              The bank\xe2\x80\x99s president promised to take corrective action necessary for the cited\n              violations. At the ***** 1999 examination, the bank was cited for having an\n              inadequate system of internal controls and lack of independent testing. During the ***\n               2***** 2002 examination, the bank was cited for numerous violations of Treasury\xe2\x80\x99s\n              Part 103, an inadequate system of internal controls for BSA compliance, and SAR\n              violations. FDIC officials stated that no follow-up visitation was conducted for this\n              institution after the ***** 1999 examination and that given the promise of corrective\n              action by the bank president within 90 days of receipt of the report, as stated in the\n              report of examination, further follow-up was apparently determined to be unnecessary.\n              In ****** 2003, however, the FDIC entered into a Memorandum of Understanding\n              with the bank for various safety and soundness issues and BSA compliance concerns.\n\n      \xe2\x80\xa2       During examinations conducted in **** 1997,**** 1999, and ****** 2002, a bank was\n              cited for violations related to the lack of independent testing of BSA compliance,\n              failure to provide adequate BSA training, and violations related to the Treasury\n              Department\xe2\x80\x99s Part 103. However, no adequate bank corrective action or supervisory\n\n                                                          18\n                                      This Report Contains Confidential Information\n                     For Official Use Only                                   Restricted Information\n\x0c         action was taken until after the ****** 2002 examination. The FDIC issued a cease\n         and desist order effective ******, 2002, more than 5 years after the violations were\n         initially cited. Violations related to the lack of independent testing and failure to\n         provide adequate BSA training were repeat violations during the 1999 and 2002\n         examinations. The DSC issued a cease and desist order on ******, 2002 which was\n         terminated in ******** 2002.\n\n     \xe2\x80\xa2   During an examination conducted in *** 1998, a bank was cited for violations related\n         to a lack of independent testing for BSA compliance and failure to designate\n         individual(s) responsible for BSA compliance. Violations of lack of independent\n         testing was cited again during the ******* 2001 and ******2003 examinations\xe2\x80\x94three\n         consecutive FDIC examinations. Supervisory action was not taken until ****** 2003,\n         when the FDIC, state regulatory authority, and the bank signed a memorandum of\n         understanding to correct the BSA violations, more than 5 years after the violations were\n         initially cited.\n\n     \xe2\x80\xa2   During an ****** 1998 examination, a bank was cited for violations related to the\n         failure to file CTRs, failure to furnish information on CTRs, improper exemptions, and\n         failure to develop or implement an adequate BSA compliance program. The next\n         examination, conducted in **** 2001, cited the bank for: failure to follow identification\n         procedures or failure to record identification method, untimely filing of CTRs or failure\n         to retain CTRs for 5 years, failure to furnish information required in CTRs, and failure\n         to develop or implement an adequate BSA compliance program. DSC officials stated\n         that the violations cited in the 1998 examination and repeat violations cited in the 2001\n         examination triggered a supervisory response requiring a progress report from the bank\n         and the on-site visitation conducted in ******** 2001.\n\n         DSC conducted a follow-up visit in ******** 2001 and cited the bank for continued\n         violations for: failure to file CTRs for nonexempted transactions over $10,000,\n         untimely filing of CTRs or failure to retain CTRs for 5 years, and failure to furnish\n         information required in CTRs. The visitation showed that bank management\xe2\x80\x99s\n         documentation of BSA training efforts needed improvement, the scope of the\n         independent review needed to be enhanced, and internal controls could be strengthened.\n         The visitation also noted a couple of previously cited violations involving transactions\n         prior to the **** 2001 examination that either had not been corrected or the bank had\n         not retained evidence of correction. Further, the visitation identified new violations\n         related to the failure to furnish information required in CTRs, no record at FinCEN of\n         IRS receipt of CTRs, and untimely filings of CTRs or failure to retain CTRs for 5 years.\n         Based on the progress report and the visitation, DSC concluded, however, that the bank\n         was making a good faith effort to comply with BSA and deemed that no further\n         supervisory efforts were necessary other than regular examinations.\n\nIn contrast to the previous examples, DSC took prompt action for an institution with similar\nviolations. During a joint examination conducted in **** 2003 by the FDIC and the state\nregulatory agency, the examiner concluded that the bank\xe2\x80\x99s BSA program was less than\nsatisfactory and further stated that the bank was in apparent violation of virtually every\n\n                                                      19\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0crequirement of Section 326.8 of the FDIC Rules and Regulations. The bank was cited for the\nfollowing violations related to the Treasury Department\xe2\x80\x99s Part 103, FDIC\xe2\x80\x99s Section 326.8 and\nSection 353:\n\n     \xe2\x80\xa2   failure to file CTRs for nonexempted transactions over $10,000;\n     \xe2\x80\xa2   failure to treat multiple transactions totaling over $10,000 as a single transaction;\n     \xe2\x80\xa2   failure to develop or implement an adequate BSA compliance program;\n     \xe2\x80\xa2   failure to have adequate written board-approved BSA compliance program;\n     \xe2\x80\xa2   inadequate system of internal controls for BSA compliance;\n     \xe2\x80\xa2   lack of independent testing of BSA compliance;\n     \xe2\x80\xa2   failure to designate individuals responsible for BSA compliance;\n     \xe2\x80\xa2   failure to provide adequate BSA training; and\n     \xe2\x80\xa2   various violations related to SARs.\n\nWithin 6 months after the examination, the FDIC issued a proposed cease and desist order. The\nbank responded with evidence that it had taken material steps to improve its BSA compliance.\nDSC conducted a visitation the following month to assess the bank\xe2\x80\x99s progress and concluded that\nthe bank had exerted considerable effort in addressing the violations but that additional effort\nwas necessary to make the bank\xe2\x80\x99s BSA program satisfactory. After the visitation, the DSC\nprovided an MOU to the institution to address the remaining concerns. The MOU became\neffective in ******* 2004.\n\nAs discussed previously, the DSC conducts examinations of its supervised institutions on a 12-\nor 18-month cycle and usually alternates examinations with state regulatory authorities. Since\nthe state regulators do not usually review BSA compliance at their examinations, 2 to 3 years can\nelapse until the next FDIC examination without any follow-up on BSA violations. This delay in\nensuring that BSA violations are corrected could result in additional or continued BSA violations\nand could hinder the detection of criminal activity.\n\n\nCONCLUSION AND RECOMMENDATIONS\n\nThe DSC has adequately followed up on some BSA violations to ensure bank management has\ntaken appropriate corrective action. However, the DSC could better ensure that prompt and\neffective actions are taken by bank management to ensure compliance with BSA regulations.\n\nIn light of the increased congressional interest in BSA compliance and emphasis on national\nsecurity concerns, DSC should re-evaluate and update its examination guidance to help ensure\nadequate DSC follow-up and timely corrective action by bank management. DSC should also\ndiscuss and update the referral policy with the Treasury Department, encourage state coverage of\nBSA compliance, and develop alternative processes to compensate for the lack of state coverage\nof BSA compliance. We noted that DSC is currently conducting a reassessment of its BSA-\nrelated policies and procedures to update its BSA guidance and may be able to address our\nrecommendations in conjunction with this assessment.\n\n\n\n                                                      20\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0cRecommendations\n\nWe recommend that the Director, DSC:\n\n            (1) Re-evaluate and update examination guidance to strengthen monitoring and\n                follow-up processes for BSA violations, including:\n\n                \xe2\x80\xa2     prompt, appropriate, and consistent regulatory action in cases where\n                      management action is not timely, including cease and desist orders for repeat\n                      violations as appropriate;\n\n                \xe2\x80\xa2     consistent and timely follow-up of BSA violations between examinations to\n                      ensure management is taking corrective action;\n\n                \xe2\x80\xa2     consistent citation and recordation of all apparent violations in reports of\n                      examination and in ViSION; and\n\n                \xe2\x80\xa2     a consistent approach to the backfiling of CTRs.\n\n            (2) Review DSC\xe2\x80\x99s implementation of the process for referring institution violations\n                of BSA to the Treasury Department, and discuss with Treasury the need to\n                update or modify the referral guidelines based on changes in priority and\n                approach in recent years.\n\n            (3) Coordinate with state regulatory agencies to cover BSA compliance in state\n                examinations of FDIC-supervised institutions and for those states that do not\n                cover BSA compliance, develop an alternative FDIC process to address BSA\n                compliance when relying on alternating state examinations.\n\n\nCORPORATION COMMENTS AND OIG EVALUATION\n\n\nOn March 22, 2004, the DSC Director provided a written response to the draft report. The\nresponse is presented in Appendix IX to this report. DSC concurred with the three\nrecommendations. As part of its appended response, DSC provided a legal opinion by the FDIC\nGeneral Counsel and an unaudited DSC internal assessment of its program to evaluate bank\ncompliance with the BSA.\n\nIn addressing Congress\xe2\x80\x99s intent in Section 8(s) of the FDI Act, which states that the appropriate\nfederal banking \xe2\x80\x9cagency shall issue an order\xe2\x80\xa6 requiring such depository institution to cease and\ndesist from its violation\xe2\x80\x9d in cases of repeat violations of requirements for establishing and\nmaintaining BSA procedures, the General Counsel\xe2\x80\x99s legal opinion provides the following\nguidance:\n\n\n\n                                                         21\n                                     This Report Contains Confidential Information\n                    For Official Use Only                                   Restricted Information\n\x0c       The absence of a mandate to bring a cease and desist action to address every violation of\n       Section 8(s) or the regulations does not imply that the alternative is to take no action. To\n       the contrary, the statutory intent must be to take an appropriate corrective action based\n       upon the severity of the problem, the risks it poses, and the bank\xe2\x80\x99s willingness to comply\n       expeditiously.\n\nThe audit, however, identified cases where DSC had not taken regulatory action to address repeat\nviolations of these BSA requirements. We also observed numerous violations for which bank\nmanagement indicated a willingness to take corrective actions to prevent recurrence of those\nviolations. However, in several cases, corrective action either was not implemented or was\nimplemented but was not effective in preventing repeat violations. In our opinion, a bank\xe2\x80\x99s\nindicated willingness to correct violations should be only one factor considered in determining\nwhether to impose regulatory action. This conclusion is also supported by the FDIC\xe2\x80\x99s Formal\nand Informal Action Procedures Manual, which states that \xe2\x80\x9cThe belief that the institution\xe2\x80\x99s\nmanagement has recognized the deficiencies and will institute corrective action is not a sufficient\nbasis, in and of itself, to preclude taking corrective action.\xe2\x80\x9d\n\nDSC\xe2\x80\x99s response provided detailed analyses and comments on several issues that relate to DSC\xe2\x80\x99s\noverall BSA program. Because our audit focused on supervisory actions taken in response to\nBSA violations, not DSC\xe2\x80\x99s overall BSA program, we offer no response to these comments.\nHowever, in reviewing DSC\xe2\x80\x99s other comments that relate generally to our audit and specifically\nto our audit results and scope, there are several issues that warranted further discussion and\nclarification.\n\n\nGeneral DSC Comments on Audit\n\n1. DSC Statement:\n \xe2\x80\x9c. . . the DSC\xe2\x80\x99s approach has been to differentiate between serious BSA program problems\nwithin an institution versus isolated and technical weaknesses. In practice, isolated and technical\nweaknesses can be addressed within the normal course of supervisory process.\xe2\x80\x9d\n\nOIG Response:\nDuring this audit, DSC officials initially stated that they do not \xe2\x80\x9c. . . generally characterize BSA\nviolations as either substantive or technical,\xe2\x80\x9d consistent with the \xe2\x80\x9czero tolerance\xe2\x80\x9d policy\nespoused by the Treasury Department. Accordingly, we included in the universe for the selected\nsample all BSA violations recorded in ViSION. We based our analyses and conclusions on the\npremise that DSC\xe2\x80\x99s approach to such violations would not differentiate between substantive and\ntechnical violations. After being provided the preliminary results of the audit, DSC then\nindicated that, in fact, it does differentiate between BSA violations based on significance, but\ncould provide no basis upon which these determinations are made. Contrary to DSC\xe2\x80\x99s assertion,\nfor the sample of institutions we reviewed, we found little or no evidence to indicate that there\nwas a distinction made among BSA violations in deciding whether or in what manner follow-up\naction would be taken.\n\n\n\n                                                      22\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0c2. DSC statement:\n\xe2\x80\x9cTherefore, we do not concur with the inference that the FDIC\xe2\x80\x99s supervisory actions are\nmaterially lacking or that an increased risk of money laundering exists in the institutions for\nwhich we are the primary federal regulator.\xe2\x80\x9d\n\nOIG response:\nWe continue to conclude that the FDIC needs to strengthen its follow-up process for BSA\nviolations, based on the following:\n\n   o Of the 41 institutions sampled, 27 institutions (66 percent) had repeat violations for\n     multiple examinations; 17 (63 percent) of the 27 institutions did not have any type of\n     regulatory action imposed.\n   o Of the 17 institutions for which no regulatory actions had been taken, 15 had repeat\n     violations related to FDIC\xe2\x80\x99s Section 326.8, which establishes the minimum requirements\n     for a BSA compliance program.\n   o We reviewed 82 reports for the 41 sampled institutions. Twenty-five (30 percent) of the\n     reports cited violations for which the DSC waited until the next examination to follow up.\n     Additionally, in many cases, alternating examinations conducted by state regulatory\n     agencies did not address BSA and/or did not follow up on previous violations cited in\n     FDIC reports of examinations. For those states that do not assess BSA compliance, 2 to\n     3 years could elapse without BSA examination coverage for institutions in those states.\n   o DSC regional and field offices are inconsistent in deciding whether or when to follow up\n     on BSA violations or to take regulatory action.\n   o Numerous reports of examination described deficient BSA compliance programs but did\n     not cite violations, which we have concluded may receive less attention from bank\n     management and from the DSC in its follow-up efforts.\n   o Inconsistencies exist among DSC regional offices in deciding how to handle violations\n     related to the backfiling of CTRs.\n   o Inconsistencies exist among DSC regional offices in making referrals to the Treasury\n     Department; of the 34 referrals made by the FDIC, 28 (82 percent) were made by 1 DSC\n     regional office.\n   o All identified BSA violations have not been included and tracked in the FDIC\xe2\x80\x99s\n     automated system, ViSION, and as a result, not all BSA violations have been reported to\n     the Treasury Department.\n\nThese problems, taken collectively, represent increased risk of illegal activity going undetected\nand unreported.\n\n\n3. DSC statement:\n\xe2\x80\x9cIn 38 of the 41 cases, we found the supervisory actions to be consistent with the problems\nidentified and the risks posed by the circumstances.\xe2\x80\x9d\n\nOIG response:\nThese 38 cases included 25 institutions with repeat violations and 13 institutions that did not\nhave repeat violations. Of these 25 institutions with repeat violations, 15 institutions\n\n                                                      23\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0c(60 percent) had been cited for violations of the FDIC\xe2\x80\x99s Rules and Regulations Section 326.8,\nindicating noncompliant BSA programs for multiple examinations. Ten institutions (40 percent)\nhad been cited for repeat violations related to either the Treasury Department\xe2\x80\x99s Part 103 or the\nFDIC\xe2\x80\x99s Section 353.3, indicating noncompliance with Treasury\xe2\x80\x99s reporting and recordkeeping\nrequirements related to CTRs or SARs. Many of these institutions with repeat violations were\nnot subject to any regulatory action. In our opinion, regulatory action was appropriate under\nthese circumstances.\n\n\n4. DSC statement:\n\xe2\x80\x9cThe OIG also did not look at supervisory actions taken in instances of serious BSA program\ndeficiencies, analyze the risk for money laundering in the sample institutions, have discussions\nwith examiners, or assess the BSA examination process.\xe2\x80\x9d\n\nOIG response:\nDSC has introduced matters that were not the subject of this audit. We selected a sample of\ninstitutions with BSA violations identified by FDIC examiners. We did not add to our sample\nthose institutions for which DSC considered that it had done a good job of addressing BSA\nprogram deficiencies. Similarly, we did not alter our sample to focus on institutions that DSC\nnow considers being at higher risk for illegal activities. There was no evidence to indicate that\nDSC had systematically analyzed the risks at our sample institutions. The documented risk\nanalyses provided to us after our audit had started were not contemporaneously prepared with the\nBSA examinations performed. We did not include the entire BSA compliance examination\nprogram in the scope of our audit. Therefore, we did not interview examiners or review\nexamination working papers. Those activities were not required to meet our audit objectives.\nRather, we focused on actions taken on reported violations. During the audit, however, we did\nprovide our analysis of BSA actions to DSC and requested DSC to address the questions we\nraised and provide its input on our preliminary findings. In doing so, we relied on DSC\nmanagement to enlist appropriate staff, including examiners, in providing its responses and any\nadditional evidence of supervisory actions for us to consider in reaching our conclusions.\n\n\n5. DSC statement:\n\xe2\x80\x9cWe do not concur with the OIG\xe2\x80\x99s criticism that recommendations for improvement and the\nsupporting discussion may be confused with apparent violations of the BSA.\xe2\x80\x9d\n\nOIG Response:\nThe requirements for an adequate BSA compliance program based on the FDIC\xe2\x80\x99s Rules and\nRegulations Section 326.8 are explicit. Each FDIC-supervised institution is required to develop\nand administer a program to ensure compliance with the BSA and 31 C.F.R. Part 103. The\ninstitutions\xe2\x80\x99 boards of directors must approve the compliance program in writing and in\naccordance with Section 326.8(c). The program should include four minimum requirements:\n\n        \xe2\x80\xa2   a system of internal controls to assure ongoing compliance,\n        \xe2\x80\xa2   independent testing for compliance with the BSA and 31 C.F.R. Part 103 to be\n            conducted by bank personnel or an outside party,\n\n                                                      24\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0c        \xe2\x80\xa2   designation of individual(s) responsible for coordinating and monitoring compliance\n            with the BSA, and\n        \xe2\x80\xa2   training in BSA requirements for appropriate personnel.\n\nAccordingly, our position is that institutions not meeting the minimum requirements specified by\nSection 326.8 do not have an adequate BSA compliance program and have violated the BSA.\nWe noted cases in which FDIC examiners described deficiencies in institutions\xe2\x80\x99 BSA\ncompliance programs, including cases in which the programs did not meet the minimum\nrequirements outlined in Section 326.8. However, the examiners did not specifically cite the\ndeficiencies as BSA violations.\n\nWe continue to conclude that deficiencies described in the reports of examination, but not cited\nas violations in the Violations of Laws and Regulations section of the reports or recorded in\nViSION, receive less attention from bank management and/or in follow-up by the DSC.\nDocumentation provided by DSC on follow-up of examination results did not identify responses\nfrom bank management on deficiencies that were described but not cited as violations in reports\nof examination. In addition, we identified multiple examinations that described but did not cite\nviolations, allowing them to continue for extended periods. In some cases, subsequent\nexaminations cited the violation. We also noted that examiners were inconsistent in citing BSA\nviolations \xe2\x80\x93 the same violations at different institutions were being treated dissimilarly for\nexamination report purposes.\n\n\nGeneral Comments on Audit Results\n\n1. Our determination of the adequacy of follow-up for BSA violations that had been\n   cited for the sampled institutions was based on the (1) timeliness of corrective action by bank\n   management and/or follow-up by the FDIC and (2) effectiveness of follow-up in preventing\n   repeat BSA violations. We continue to conclude that it is ineffective to wait for follow-up\n   until subsequent examinations, especially when state regulatory agencies do not review BSA.\n   In addition, we continue to conclude that BSA violations, particularly repeat violations,\n   should be followed up in a timely, effective manner, regardless of an institution\xe2\x80\x99s location,\n   asset size, deposit base, familiarity with its customer base, stability of management and\n   employee base, and number of reportable transactions. Delays or inadequate follow-up can\n   send the wrong message to possible wrongdoers \xe2\x80\x93 that BSA violations receive less attention\n   at certain types of institutions, such as those that do not fit DSC\xe2\x80\x99s high-risk profile. Also,\n   more serious consideration of other forms of regulatory action, up to and including cease and\n   desist orders, is warranted.\n\n2. DSC stated that our evaluation of the adequacy of follow-up for the 41 sampled institutions\n   did not consider DSC\xe2\x80\x99s categorization of \xe2\x80\x9cBSA/AML risk profiles\xe2\x80\x9d (BSA/anti-money\n   laundering). However, according to DSC, the division did not have BSA risk-profile\n   definitions and had no plans to define BSA risk profile(s). During the audit, DSC requested\n   regional and area office officials to (1) evaluate BSA risk for the institutions included in our\n   sample so that DSC could make an evaluation of each situation and (2) focus on the\n   institutions that we identified as receiving less than \xe2\x80\x9cadequate\xe2\x80\x9d corrective action by the bank\n\n                                                       25\n                                   This Report Contains Confidential Information\n                  For Official Use Only                                   Restricted Information\n\x0cor follow-up by DSC personnel. In the regions\xe2\x80\x99 efforts to evaluate each institution and in\ncases where the audit report identified deficiencies, DSC also asked the regions to assess the\nmoney-laundering vulnerability of each institution based on factors relevant to each\ninstitution and to the specific situations we identified. We concluded that those assessments\nwere not prepared contemporaneously with the examinations, but were made only for the\npurpose of responding to our audit. Therefore, the assessments were not official\nmanagement tools to assist in planning or conducting the examinations. However, in\nreviewing information DSC provided in its official written response relative to the BSA risk\nprofiles, including whether the institutions were located in Metropolitan Statistical Areas\n(MSAs) and High Intensity Money Laundering and Related Financial Crime Areas\n(HIFCAs), we noted the following for the institutions for which regulatory actions had been\ntaken by the DSC or initiated by state regulatory agencies:\n\n   \xc2\xbe    Our review of the 41 sampled institutions identified 11 for which regulatory actions\n        had been taken. Of these 11 institutions, 9 (80 percent) were not located in MSAs\n        and 9 (80 percent) were not located in HIFCAs.\n\n   \xc2\xbe    According to the examination reports that prompted regulatory action, four\n        institutions had composite ratings of 2 and management ratings of 2. DSC\n        considered three of the four institutions to have a \xe2\x80\x9clow\xe2\x80\x9d BSA risk profile. The\n        remaining institution was located in an HIFCA.\n\n   \xc2\xbe    According to the examination reports that prompted regulatory action, four\n        institutions had composite ratings of 3 and management ratings of 3. One of the four\n        institutions was considered by the DSC to have a \xe2\x80\x9chigh\xe2\x80\x9d BSA risk profile. The\n        remaining three institutions were not located in either an MSA or HIFCA.\n\n   \xc2\xbe    According to the examination reports that prompted regulatory action, three\n        institutions had composite ratings of 4 and management ratings of 3, 4, or 5.\n\n           \xe2\x80\xa2   The one institution with a 3 management rating was issued a cease and desist\n               order; the institution was not located in either an MSA or HIFCA and had a\n               \xe2\x80\x9clow\xe2\x80\x9d BSA risk profile according to DSC.\n           \xe2\x80\xa2   The institution with a 4 management rating was issued a memorandum of\n               understanding and had a \xe2\x80\x9cmoderate/low\xe2\x80\x9d BSA risk profile according to DSC.\n           \xe2\x80\xa2   The institution with a 5 management rating was issued a determination letter\n               but had a \xe2\x80\x9clow\xe2\x80\x9d BSA risk profile according to DSC.\n\nBased on this analysis, neither the institution\xe2\x80\x99s BSA risk profile nor its location in an MSA or\nHIFCA appeared to play a significant role in determining whether to impose actions against\nthe institutions. Only 1 of the 11 institutions had a high BSA risk profile assigned by the\nDSC, and only 2 were located in HIFCAs. Additionally, actions were not imposed on\nthree institutions with repeat BSA violations which DSC identified as having a \xe2\x80\x9cmoderate\xe2\x80\x9d or\n\xe2\x80\x9cmoderate/high\xe2\x80\x9d risk profile.\n\n\n\n                                                    26\n                                This Report Contains Confidential Information\n               For Official Use Only                                   Restricted Information\n\x0c3. Our review of information provided by the DSC regarding referrals made to FinCEN for\n   FDIC-supervised institutions showed that there were 208 referrals during the audit scope\n   period of January 1, 1997 through September 30, 2003. Of those 208 referrals, DSC made\n   only 34 referrals (16 percent), and the remaining referrals were made by other sources, such\n   as FinCEN, the IRS, or the institutions themselves. As previously indicated, 28 of these 34\n   referrals were made by 1 of the 6 DSC regions.\n\n\nGeneral Comments on Audit Scope\n\n     1. We informed the DSC of our audit scope and methodology for achieving the audit\n        objective. The objective was to review a sample of BSA violations for the audit scope\n        period to determine whether DSC adequately follows up on BSA violations reported by\n        examinations of FDIC-supervised financial institutions to ensure that institutions take\n        appropriate corrective action. Accordingly, we limited the audit results and findings to\n        issues specifically related to the agreed-upon audit objective. We based our conclusions on\n        the FDIC\xe2\x80\x99s automated system data, supplemental data provided by the DSC, and our\n        review of reports of examination from both the Corporation and state regulatory agencies.\n        The FDIC did not inform us until the end of our field work that it had identified\n        inaccuracies in BSA data resident in its information systems resulting from the conversion\n        from a prior system to ViSION. For the institutions in our sample, we verified the data\n        used in this audit to the reports of examination and DSC\xe2\x80\x99s supplemental data.\n\n2.     The banks which DSC referred to in its response as \xe2\x80\x9cinactive\xe2\x80\x9d became inactive more than 12\n       months after the examinations for which BSA violations had been cited. Accordingly, we\n       did not delete those institutions from the sample selection. In addition, two other\n       institutions referenced in DSC\xe2\x80\x99s response had been deleted from our sample analyses and\n       were not included in our findings and conclusions.\n\n3.     DSC\xe2\x80\x99s comment that we did not request reports of examination for one of the sampled\n       institutions is incorrect because we made a global request for all reports of examination\n       associated with the institutions in our sample, including the FDIC's examination reports and\n       those from state regulatory agencies.\n\n4.     DSC stated that the community banks it supervises have a strong inherent deterrent to\n       money laundering because they operate in areas where bank management\xe2\x80\x99s knowledge of\n       customers is high, making criminal activity harder to disguise. This information is relevant\n       to the examination and potentially to reporting BSA violations, but not to the pursuit of\n       corrective action on known BSA violations. We did not assess how well management for\n       the 41 sampled institutions knows their customers, but limited our assessment of BSA\n       compliance to (1) results described in the examination reports and captured in ViSION and\n       (2) information on the regulatory actions imposed for noncompliance.\n\n\n\n\n                                                         27\n                                     This Report Contains Confidential Information\n                    For Official Use Only                                   Restricted Information\n\x0cDuring our audit, the FDIC did not have a corporate objective specifically related to BSA.\nHowever, in the course of preparing our final report, we became aware that such an objective\nrecently had been established. The Corporation's final 2004 Corporate Performance Objectives,\nas approved by the FDIC Chairman, includes the following objective:\n\n       Implement revised examination and enforcement strategies/guidance, as appropriate, to\n       address OIG/GAO [General Accounting Office] audit findings relating to the Bank\n       Secrecy Act, anti-money laundering programs, and counter-terrorist financing. Develop\n       and implement a communications strategy to facilitate industry understanding of newly\n       implemented regulations in these areas.\n\nWe support this objective as a positive action on the part of the Corporation because the\nobjective will prompt a concerted effort and focus attention on strengthening follow-up on\nreported BSA violations.\n\n\nDSC Responses to OIG Recommendations\n\nPresented below are DSC\xe2\x80\x99s responses to the specific recommendations made in our audit. The\nrecommendations are considered resolved, undispositioned, and open until the corrective actions\nare implemented.\n\nRecommendation 1: Re-evaluate and update examination guidance to strengthen\nmonitoring and follow-up processes for BSA violations, including:\n\n       \xe2\x80\xa2   prompt, appropriate, and consistent regulatory action in cases where\n           management action is not timely, including cease and desist orders for repeat\n           violations as appropriate;\n\n       \xe2\x80\xa2   consistent and timely follow-up of BSA violations between examinations to\n           ensure management is taking corrective action;\n\n       \xe2\x80\xa2   consistent citation and recordation of all apparent violations in reports of\n           examination and in ViSION; and\n\n       \xe2\x80\xa2   a consistent approach to the backfiling of CTRs.\n\nDSC agreed with this recommendation. By March 30, 2005, and as part of current initiatives to\nrevisit and update FDIC guidance and with inter-agency cooperation, the DSC will address\nformal supervisory actions, follow-up actions, citation of apparent violations and recordkeeping,\nand backfiling of CTRs. The DSC will also work with the FDIC Legal Division to clarify and\nupdate, as necessary, enforcement action guidance on BSA.\n\n\n\n\n                                                      28\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0cRecommendation 2: Review DSC\xe2\x80\x99s implementation of the process for referring institution\nviolations of BSA to the Treasury Department, and discuss with Treasury the need to\nupdate or modify the referral guidelines based on changes in priority and approach in\nrecent years.\n\nDSC agreed with the recommendation. By year-end 2004, the DSC representative to the\nFinancial Crimes Enforcement Network\xe2\x80\x99s Bank Secrecy Act Advisory Group will introduce the\nquestion raised on referral guidelines at an upcoming meeting of the group.\n\nRecommendation 3: Coordinate with state regulatory agencies to cover BSA compliance in\nstate examinations of FDIC-supervised institutions and for those states that do not cover\nBSA compliance, develop an alternative FDIC process to address BSA compliance when\nrelying on alternating state examinations.\n\nDSC agreed with this recommendation. DSC stated that it is focused on strengthening processes\nto address variations in the state examination coverage of BSA and believes this action will\nincrease the consistency and reliability of the follow-up to its BSA examinations. DSC expects\nto complete its review and revisions to BSA guidelines and procedures for BSA coverage during\nstate examinations by March 30, 2005.\n\n\n\n\n                                                     29\n                                 This Report Contains Confidential Information\n                For Official Use Only                                   Restricted Information\n\x0c                                                                                                     APPENDIX I\n\n\n                                  OBJECTIVE, SCOPE, AND METHODOLOGY\n\nObjective\n\nThe audit objective was to determine whether the Federal Deposit Insurance Corporation (FDIC)\nDivision of Supervision and Consumer Protection (DSC) adequately follows up on reported Bank\nSecrecy Act (BSA) violations to ensure that institutions take appropriate corrective action. To\naccomplish our objective, we reviewed supervisory actions that DSC has taken to ensure\ncompliance, including efforts to follow up with bank management after examinations and the use of\nregulatory actions to prompt management action. We conducted the audit in accordance with\ngenerally accepted government auditing standards from November 2003 through January 2004.\n\n\nScope and Methodology\n\nWe held an entrance conference and conducted interviews with officials from DSC headquarters\nand DSC\xe2\x80\x99s regional and area offices. In addition, we held periodic briefings with DSC officials and\nsolicited their opinions and comments regarding the BSA violations and supervisory actions\nincluded in our review. We also interviewed officials in DSC\xe2\x80\x99s Special Activities Section who are\nresponsible, along with regional offices, for coordinating and monitoring DSC\xe2\x80\x99s field and regional\nefforts for identifying, reporting, and tracking BSA violations and issuing related enforcement\nactions.\n\nTo gain an understanding of procedures that the DSC uses to determine compliance with the BSA,\nwe reviewed the DSC Manual of Examination Policies, and various transmittals, directives, and\nguidelines issued by the FDIC or the Treasury Department. Further, we reviewed DSC memoranda\nto obtain an understanding of the processes and procedures used to identify, report, track, and\nfollow up on BSA violations. We also interviewed officials responsible for the Virtual Supervisory\nInformation On the Net system (ViSION), the automated system used by the DSC to compile\ninformation on BSA violations as well as to track these violations.\n\nWe also reviewed data from applicable FDIC automated systems; reviewed information from other\nsources, including FDIC and state reports of examination (ROEs); and analyzed DSC supplemental\ndata, including information from FDIC correspondence files and data on the overall profile of\nfinancial institutions. To determine the number and type of BSA violations identified during DSC\xe2\x80\x99s\nexaminations of FDIC-supervised institutions from January 1, 1997 to September 30, 2003, we\nobtained and reviewed ViSION data that included the following:\n\n            \xe2\x80\xa2   each institution\xe2\x80\x99s certificate number, name, and location;\n\n            \xe2\x80\xa2   dates of ROEs that reported BSA violations;\n\n            \xe2\x80\xa2   BSA violation codes, descriptions, and numbers of occurrences; and\n\n            \xe2\x80\xa2   types of violations (including repeat and nonrepeat violations).\n\n\n                                                         30\n                                     This Report Contains Confidential Information\n                    For Official Use Only                                   Restricted Information\n\x0c                                                                                                          APPENDIX I\n\nTable 4 provides a synopsis of the ViSION data, by DSC regional and area offices.\n\nTable 4: FDIC-Supervised Financial Institutions With BSA Violations From January 1, 1997 Through\nSeptember 30, 2003 and Financial Institutions With Repeat Violations Based on ViSION Data\n                          Number of Financial               Number of Financial                Percent of Regional/Area\n DSC Regional or           Institutions With                 Institutions With                 Office Institutions With\n    Area Office             BSA Violationsa                Repeat BSA Violationsb               Repeat BSA Violations\nAtlanta                            234                               44                                   19\nBoston                             142                               23                                   16\nChicago                            446                               43                                   10\nDallas                             284                               52                                   18\nKansas                             963                              205                                   21\nMemphis                            348                               68                                   20\nNew York                            72                                 3                                    4\nSan Francisco                      183                               20                                   11\nTotals                           2,672                              458                                   17\na\n Total number of financial institutions that had one or more BSA violations recorded in ViSION for examinations\ncompleted during the period noted.\nb\n  Total number of financial institutions that had one or more BSA violations recorded in ViSION for examinations\ncompleted during the noted period, with at least one of those violations identified as a repeat violation.\n\nSource: OIG review of ViSION data on BSA violations for the noted period.\n\n\n\nBased on the ViSION data, we selected a random sample19 from the universe of BSA violations and\na judgment sample of repeat violations. Of the total 2,672 financial institutions for which BSA\nviolations had been reported in ViSION, we reviewed 41 institutions in detail. The random sample\nconsisted of 22 institutions selected from the 8 DSC regional or area offices, and the other\n19 institutions consisted of a judgment sample of institutions with repeat violations. Of those\n19 institutions, we confirmed that 18 had repeat violations. The random sample of 22 institutions\nalso included 9 institutions with repeat violations so that, in total, 27 institutions with repeat\nviolations were in our sample. Table 5 provides a breakdown of those 41 institutions, by FDIC\noffice.\n\n\n\n\n19\n  From the random sample of institutions with BSA violations, we judgmentally selected three institutions from each\nregional and area office for detailed review. We restricted the sample size to three rather than five due to the constricted\ntime frame to complete the audit. The selection of those institutions for review was based strictly on the randomly\ngenerated numbers without giving any consideration for the institutions\xe2\x80\x99 violations recorded in ViSION or demographic\ninformation. We later made adjustments to the number of randomly selected institutions reviewed as shown in Table 5.\n                                                            31\n                                        This Report Contains Confidential Information\n                       For Official Use Only                                   Restricted Information\n\x0c                                                                                                       APPENDIX I\n\n\nTable 5: Financial Institutions Selected for Review\n    DSC Regional         Universe of               Number of Financial Institutions Included in OIG Sample\n    or Area Office   Financial Institutions   Initial Selection    Number of Deleted           Total Included in\n                     With BSA Violations                               Institutions*             OIG Analyses\nAtlanta                       234                      6                     0                         6\nBoston                        142                      6                     4                         2\nChicago                       446                      6                     0                         6\nDallas                        284                      6                     0                         6\nKansas City                   963                      6                     0                         6\nMemphis                       348                      6                     0                         6\nNew York                      72                       6                     2                         4\nSan Francisco                 183                      6                     1                         5\nTotal                        2,672                    48                     7                        41\n*\n Includes financial institutions that (1) became inactive or merged with another institution less than 12 months after\nBSA violations were identified, (2) were cited for BSA violations in examinations conducted less than 12 months before\nthe end of the audit scope period, and (3) were determined not to be institutions with repeat violations, which was the\ninitial basis for their selection.\n\nSource: OIG review of ViSION data on BSA violations for the period January 1, 1997 through September 30, 2003;\nand FDIC institution directory information on the status of financial institutions.\n\n\n\nOur specific objectives in reviewing the sampled financial institutions were to determine:\n\n      \xe2\x80\xa2   the types of BSA violations identified during examinations;\n\n      \xe2\x80\xa2   the types of corrective actions that financial institution management implemented or the\n          supervisory actions FDIC pursued for BSA violations;\n\n      \xe2\x80\xa2   differences in the type of BSA violations and actions recorded in ViSION and in the ROEs;\n          and\n\n      \xe2\x80\xa2   whether enforcement actions were recorded in the FDIC\xe2\x80\x99s Formal and Informal Action\n          Tracking system20 (FIAT) for BSA violations identified for the sampled institutions.\n\nIn addition, we requested that DSC provide all ROEs for the sampled 41 financial institutions for\nthe period January 1, 1997 through September 30, 2003. Nine of those ROEs were not available for\nreview, primarily for examinations conducted January 1, 1997 through December 31, 1999, because\nthe ROEs either had been archived and were not retrieved or were state examination reports that had\nnot been retained and, therefore, were not available. Because the FDIC and state regulatory\nagencies usually alternated examination responsibilities and may occasionally conduct joint\nexaminations, we also requested and reviewed available state examination reports for the sampled\nfinancial institutions for the same period. We reviewed 200 ROEs\xe2\x80\x94128 ROEs from the FDIC and\n72 ROEs from state regulatory agencies.\n\n20\n FIAT is the FDIC\xe2\x80\x99s system for tracking the status of informal supervisory actions and formal enforcement actions. In\nconjunction with reviewing information from FIAT, we also reviewed FDIC\xe2\x80\x99s Formal and Informal Action Procedures\nManual.\n                                                           32\n                                       This Report Contains Confidential Information\n                      For Official Use Only                                   Restricted Information\n\x0c                                                                                                    APPENDIX I\n\nTo determine the number and type of regulatory actions related to BSA in general and specifically\nfor our sampled institutions, we reviewed reports on formal and informal actions recorded in FIAT\nand supplemental information that DSC provided. We also discussed the FDIC\xe2\x80\x99s position on the\ncircumstances for which the FDIC might consider formal or informal actions for BSA violations.\n\nWe provided specific questions on the BSA violations to DSC officials and requested that they\nprovide supplemental information on (1) related corrective actions taken by bank management or\nregulatory actions imposed by the FDIC and (2) follow-up activities conducted by the FDIC on\nthose violations. For those institutions that were cited for BSA violations related to the filing of\nCurrency Transaction Reports (CTR), we used the FDIC\xe2\x80\x99s CTR Backfiling Request report for the\nperiod January 1, 1999, through September 30, 2003, in conjunction with supplemental information\nfrom DSC, to determine whether CTRs had been filed for the previously cited violations. Because\nDSC examiners were not required to track BSA violations related to Suspicious Activity Reports\n(SAR) in the FDIC\xe2\x80\x99s ViSION system prior to October 2003, our review of SAR violations was\nlimited to information obtained from ROEs provided to us for the sampled institutions.\n\nOur verification of computer-processed data was limited to comparing data obtained from ViSION\nto data reported in the ROEs and DSC\xe2\x80\x99s supplemental information. We identified inconsistencies in\nsome of the ViSION data when compared to the ROEs and supplemental information. According to\nDSC officials, the March 2003 conversion from a prior system to ViSION may have led to\nincomplete records in ViSION for information predating the conversion, and system data entered\nprior to the conversion may not be fully complete or accurate because edit checks were less\nthorough in the previous system. To compensate for these inconsistencies, we based our\nobservations on a pooling of the data available from multiple hardcopy and electronic sources and\ndid not rely on any one source except in making our initial sample selection from the data in\nViSION. However, we did not validate DSC\xe2\x80\x99s assertions and there is a risk that our audit\nprocedures may not have identified instances, if any, where violations were not included in the prior\nsystem and thus not reported to Treasury.\n\n\nManagement Controls Reviewed\n\nWe gained an understanding of the management control activities associated with the identification,\nreporting, and tracking of BSA violations by reviewing DSC\xe2\x80\x99s policies and examination procedures\nand by performing limited testing of ViSION data. Additionally, we reviewed FDIC\xe2\x80\x99s\nresponsibilities as a financial institution supervisor related to the following:\n\n   \xe2\x80\xa2   The Bank Secrecy Act of 1970, codified to 31 U.S.C. Section 5311 et seq. (BSA), also\n       known as the Currency and Foreign Transactions Reporting Act.\n\n   \xe2\x80\xa2   Code of Federal Regulations (C.F.R.), Title 31\xe2\x80\x94Money and Finance; Subtitle B\xe2\x80\x94\n       Regulations Relating to Money and Finance; Chapter 1\xe2\x80\x94Monetary Offices, Department of\n       the Treasury; Part 103\xe2\x80\x94Financial Recordkeeping and Reporting of Currency and Foreign\n       Transactions, the BSA\xe2\x80\x99s implementing regulations.\n\n\n\n                                                        33\n                                    This Report Contains Confidential Information\n                   For Official Use Only                                   Restricted Information\n\x0c                                                                                                   APPENDIX I\n\n   \xe2\x80\xa2   Section 8(s) of the FDI Act, codified to 12 U.S.C. 1818(s), which requires each federal\n       banking agency, including the FDIC, to (a) prescribe regulations requiring insured\n       depository institutions to establish and maintain procedures reasonably designed to ensure\n       and monitor compliance with the BSA, (b) review such procedures during their\n       examinations of these institutions, and (c) enforce compliance with the BSA monetary\n       transaction recordkeeping and report requirements.\n\n   \xe2\x80\xa2   Section 326.8(b) of the FDIC\xe2\x80\x99s Rules and Regulations, codified to 12 C.F.R. Section 326.8,\n       which requires each FDIC-supervised institution to develop and administer a program to\n       ensure compliance with the BSA and 31 C.F.R Part 103.\n\n   \xe2\x80\xa2   The FDIC Rules and Regulations 12 C.F.R. Part 353 related to the filing of Suspicious\n       Activity Reports.\n\n   \xe2\x80\xa2   Title 12 U.S.C. 1829b, the recordkeeping requirements for insured financial institutions.\n\nDuring our review, we identified actions that DSC could take to improve management controls over\nthe corrective action process for BSA violations, as described under Results of Audit.\n\n\nGovernment Performance and Results Act\n\nWe reviewed DSC\xe2\x80\x99s performance measures under the Government Performance and Results Act,\nPublic Law 103-62 (GPRA). We determined that the FDIC did not have a corporate performance\nobjective specifically related to the BSA. However, according to the FDIC\xe2\x80\x99s 2003 Annual\nPerformance Plan and as shown in Table 6 on the next page, the FDIC has established the\nfollowing strategic goal and objective and annual performance goals related to its supervision and\nexamination responsibilities that include BSA in general.\n\n\n\n\n                                                       34\n                                   This Report Contains Confidential Information\n                  For Official Use Only                                   Restricted Information\n\x0c                                                                                                      APPENDIX I\n\n\nTable 6: Performance Measures Related to Supervision and Examinations\n\n    STRATEGIC GOAL                     STRATEGIC OBJECTIVE                                 ANNUAL\n                                                                                 PERFORMANCE GOALS\nFDIC-supervised institutions          FDIC-supervised institutions              Conduct on-site safety and\nare safe and sound.                   appropriately manage risk.                soundness examinations to\n                                                                                assess an FDIC-supervised\n                                                                                insured depository\n                                                                                institution\xe2\x80\x99s overall financial\n                                                                                condition, management\n                                                                                practices and policies, and\n                                                                                compliance with applicable\n                                                                                regulations.\n\n                                                                                Take prompt supervisory\n                                                                                actions to address problems\n                                                                                identified during the FDIC\n                                                                                examination of FDIC-\n                                                                                supervised institutions\n                                                                                identified as problem insured\n                                                                                depository institutions.\n\n                                                                                Monitor FDIC-supervised\n                                                                                insured depository\n                                                                                institutions\xe2\x80\x99 compliance with\n                                                                                formal and informal\n                                                                                enforcement actions.\nSource: Federal Deposit Insurance Corporation 2003 Annual Performance Plan.\n\n\n\nFraud and Illegal Acts\n\nThe limited nature of the audit objective did not require that we assess the possibility for fraud and\nillegal acts. Although we were alert to the possibility of fraud and illegal acts, no instances came to\nour attention.\n\nPrior Audit Coverage\n\nWe reviewed the OIG\xe2\x80\x99s audit report entitled Examination Assessment of Bank Secrecy Act\nCompliance (Audit Report Number 01-013, dated March 30, 2001) to obtain an understanding of\nprevious OIG audit work related to the BSA. The objective of that audit was to determine the\nextent to which FDIC safety and soundness examinations reviewed institutions\xe2\x80\x99 compliance with\nthe BSA. As a result of that audit, the OIG recommended improvements in the FDIC\xe2\x80\x99s\ndocumentation of work related to the BSA. FDIC officials generally concurred with the OIG\xe2\x80\x99s\nrecommendations and agreed to implement procedures or issue guidance to address the OIG\xe2\x80\x99s\n\n\n                                                          35\n                                      This Report Contains Confidential Information\n                     For Official Use Only                                   Restricted Information\n\x0c                                                                                                    APPENDIX I\n\nconcerns. We did not follow up on these recommendations or assess the adequacy of BSA\nexamination procedures and documentation during this current audit.\n\nIn addition, we coordinated with the U.S. General Accounting Office to determine whether there\nwere any previous or ongoing audits or reviews related to BSA violations by FDIC-supervised\ninstitutions and associated supervisory actions. We also reviewed the applicable section of the DSC\nRegional Office Review Program to determine whether regional office reviews cover BSA\nviolations and BSA-related enforcement actions. Based on these actions, we determined that except\nfor the FDIC OIG\xe2\x80\x99s BSA-related report noted above, there was no prior or ongoing work related to\nthe objective of this audit. In addition, we contacted the OIG Counsel\xe2\x80\x99s office to obtain information\nrelated to statutory requirements and analysis of enforcement authority for the Treasury Department\nand the FDIC.\n\nWe also reviewed Treasury Department Web sites to obtain information on the BSA and a\nSeptember 2003 report entitled OTS: Enforcement Actions Taken for Bank Secrecy Act Violations,\nwhich was prepared by the Treasury Department OIG on the Office of Thrift Supervision\xe2\x80\x99s BSA\nenforcement.\n\nDuring this audit, we did not do the following:\n\n          \xe2\x80\xa2   Determine the adequacy of the examinations that identified the BSA violations.\n\n          \xe2\x80\xa2   Review the underlying workpapers generated by DSC examiners or interview the\n              field office supervisors or examination staff responsible for examining the institutions\n              included in our sample.\n\n          \xe2\x80\xa2   Interview state banking authorities regarding their ROEs or BSA coverage.\n\n\n\n\n                                                        36\n                                    This Report Contains Confidential Information\n                   For Official Use Only                                   Restricted Information\n\x0c                                                                                                                                             APPENDIX II\n\n\n                          FDIC RULES AND REGULATIONS (12 C.F.R. Section 326.8) ON BSA COMPLIANCE AND\n                                    FDIC GUIDELINES FOR MONITORING COMPLIANCE WITH SECTION 326.8\nSection 326.8(b)(1)   Requires that on or before April 27, 1987, each bank shall develop a BSA compliance program and provide for the continued administration of\n                      such a program.\n\nSection 326.8(b)(1)   Requires that the BSA compliance program shall be in writing, approved by the board of directors, and noted in the minutes.\n\n\nSection 326.8(c)(1)  Requires that the written BSA compliance program provide for a system of internal controls to assure ongoing compliance by:\n                          \xc2\xbe identifying all reportable transactions;\n                          \xc2\xbe ensuring that all required reports are completed accurately and properly filed;\n                          \xc2\xbe ensuring that customer exemptions are properly granted and recorded;\n                          \xc2\xbe providing for adequate supervision of employees who accept currency transactions, complete reports, grant exemptions, or engage in\n                              any other activity covered by 31 C.F.R. Part 103; and\n                          \xc2\xbe establishing dual controls and providing for separation of duties.\nSection 326.8(c)(2) Requires that the written BSA compliance program provide for a system of independent testing for compliance by bank personnel or by an\n                     outside party. Independent testing should:\n                          \xc2\xbe be conducted at least annually, preferably by the internal audit department, outside auditors, or consultants; and\n                          \xc2\xbe include, at a minimum:\n                                   \xe2\x80\xa2 a test of the institution\xe2\x80\x99s internal procedures for monitoring compliance with the BSA,\n                                   \xe2\x80\xa2 a sampling of large currency transactions followed by a review of CTR filings,\n                                   \xe2\x80\xa2 a test of the validity and reasonableness of the customer exemptions granted,\n                                   \xe2\x80\xa2 a test of the institution\xe2\x80\x99s recordkeeping system for BSA compliance, and\n                                   \xe2\x80\xa2 documentation of the scope of the testing procedures performed and the findings.\nSection 326.8(c)(3) Requires that the written BSA compliance program must provide for the designation of an individual or individuals to coordinate and monitor\n                     day-to-day compliance. To meet the minimum requirement:\n                          \xc2\xbe each financial institution must designate a senior bank official to be responsible for overall BSA compliance, and\n                          \xc2\xbe another individual should be designated responsible for the day-to-day compliance.\nSection 326.8(c)(4) Requires that the written BSA compliance program provide for the training of appropriate personnel. At a minimum, a financial institution\xe2\x80\x99s\n                     training program must:\n                          \xc2\xbe provide training of all personnel whose duties may require knowledge of the BSA, including, but not limited to, tellers, new accounts\n                              personnel, lending personnel, bookkeeping personnel, and wire room personnel;\n                          \xc2\xbe provide an overview of the BSA to new employees; and\n                          \xc2\xbe include efforts to keep executives informed of changes and new developments in BSA regulation.\nSource: OIG review of FDIC Rules and Regulations, Subpart B of Part 326, and DSC Memorandum 6462.10, entitled Guidelines for Monitoring Bank Secrecy\nAct Compliance, dated August 1, 1996.\n\n\n\n                                                                               37\n                                                           This Report Contains Confidential Information\n                                          For Official Use Only                                   Restricted Information\n\x0c                                                                                                             APPENDIX III\n\n            CONTROL AND PERFORMANCE STANDARDS AND ASSOCIATED RISKS\n\n                       STANDARDS                                                      ASSOCIATED RISKS\n                                             MANAGEMENT AND CONTROL\n\nThe Board [the bank\xe2\x80\x99s board of directors] establishes             Inadequate anti-money laundering and Know Your Customer\nadequate policies and procedures in accordance with anti-         policies and procedures could involve the bank and senior\nmoney laundering laws and regulations.                            management in criminal activity and result in possible\n                                                                  regulatory action.\nThe board establishes adequate \xe2\x80\x9cKnow Your Customer\xe2\x80\x9d\nPolicies.                                                         The bank faces possible damage to its reputation if its name is\n                                                                  associated with money laundering.\n\nInternal reviews and audits are sufficient to identify            Management may inadequately identify, communicate, and\ndeficiencies in the BSA program, and reports are provided         correct deficiencies.\ndirectly to senior management and the board.\n                                                                  Failure to detect existing or emerging problems could result in\n                                                                  non-compliance with internal policies and applicable rules\n                                                                  and regulations.\n\nManagement develops a system to identify large currency           Management\xe2\x80\x99s detection of possible money laundering and\ndeposits, including numerous small deposits that when             suspicious activities may be impeded by a weak identification\naggregated, exceed the reporting threshold.                       system.\n\nManagement identifies, investigates, and reports suspicious       A weak identification system may result in inadequate\ntransactions.                                                     reporting to the board and regulatory authorities.\n\nThe board assigns responsibility for ongoing compliance with      An inadequate or poorly trained staff could result in non-\nthe BSA and financial recordkeeping regulations (31 C.F.R.        compliance with policies and regulations and the possible use\n103) to a qualified and knowledgeable staff.                      of bank services for money laundering activities.\n\n\n                       STANDARDS                                                      ASSOCIATED RISKS\n                                                      PERFORMANCE\n\nEmployees comply with written guidelines and policies.            Regulatory violations and money laundering may occur if\n                                                                  procedures are not followed.\n\n\n\nManagement addresses previously identified criticisms, which      Continuing deficiencies or violations can lead to enforcement\ninclude implementing procedures to correct apparent               action.\nviolations and adhering to the mandatory compliance\nprogram.\n\nManagement files required reports, including CTRs and             Violations can result in monetary fines and penalties.\nSARs, accurately and in a timely manner.\n                                                                  Possible money laundering activities may not be detected.\n\n\nSource: DSC Transmittal 98-096, Bank Secrecy Act (BSA) Examination Procedures, dated December 7, 1998, as\nsupplemented by interim guidance in Transmittal 03-042, Bank Secrecy Act Examination Procedures, dated August 15, 2003.\n\n\n\n\n                                                               38\n                                           This Report Contains Confidential Information\n                          For Official Use Only                                   Restricted Information\n\x0c                                                                                                                     APPENDIX IV\n\n           AUTHORITY TO TAKE ENFORCEMENT ACTIONS FOR BSA VIOLATIONS\n                                                          TREASURY DEPARTMENT\n\n   12    Requires the maintenance of appropriate types of records by insured depository institutions where such records would have a\n U.S.C.  high degree of usefulness in criminal, tax, or regulatory investigations or proceedings. The Secretary of the Treasury is\n 1829b   authorized to prescribe regulations to carry out these purposes under this section. Subsection (j) of this section imposes civil\n         penalties on any insured depository institution, officer, or employee of such institution who willfully or negligently violates\n         the regulations prescribed under this section. The penalties assessed under this section will be carried out according to 31\n         U.S.C. 5321(b) and (c).\n    31   Authorizes the Secretary of the Treasury to promulgate regulations requiring the reporting of certain monetary transactions.\n U.S.C. Under 31 U.S.C. 5318, the Secretary of the Treasury is authorized to require a class of domestic financial institutions, trades,\n 5311 et or businesses to maintain appropriate procedures to ensure compliance with Subchapter II (Records and Reports on\n   seq.  Monetary Instruments Transactions) of Chapter 53; examine any books, papers, records, or other data of domestic financial\n         institutions, trades, or business relevant to the recordkeeping or reporting requirements of the subchapter; summon a\n         financial institution, trade or business to appear before the Secretary and give testimony under oath; and prescribe an\n         appropriate exemption from a requirement of the subchapter, but only in connection with investigations for the purpose of\n         civil enforcement violations of the subchapter and 12 U.S.C. 1829b, etc. Under 31 U.S.C. 5318, the Secretary may require\n         any financial institution and any director, officer, employee, or agent to report any suspicious transaction relevant to a\n         possible violation of law.\n    31   The Secretary may require any financial institution and any director, officer, employee, or agent to report any suspicious\n U.S.C. transaction relevant to a possible violation of law.\n  5318\n    31   The Secretary may bring a civil action to enjoin a violation or enforce compliance against a person believed to have violated\n U.S.C. the laws or regulations of Chapter 53, Subchapter II.\n  5320\n    31   Authorizes the imposition of civil money penalties by the Secretary of the Treasury for willful violations of Subchapter II,\n U.S.C. specifically 31 U.S.C. 5314, 5316, 5318, 5318A, and 5324; and negligent violations of any section of Chapter 53. The range\n 5321(a) of civil money penalties that may be imposed by the Department of the Treasury is outlined in 31 C.F.R. 103.57.\n    31   The Secretary is to delegate authority to the appropriate Federal Banking Agencies to assess a civil money penalty under this\n U.S.C. section on depository institutions. The Department of the Treasury is proposing rulemaking that would delegate to the\n 5321(e) appropriate Federal banking regulatory agencies, as required by 31 U.S.C. 5321(e), the authority to assess civil money\n         penalties on depository institutions for violations of the BSA. The regulation would prescribe the parameters of the\n         delegated authority.\n    31   Overall authority for enforcement and compliance, including coordination and direction of procedures and activities of all\n C.F.R. agencies exercising delegated authority under Part 103, is delegated to the Assistant Secretary of the Treasury\n 103.56 (Enforcement). Authority to examine institutions for compliance with Part 103 is delegated to the Federal Banking\n         Agencies and to other agencies for institutions not regulated by the Federal Banking Agencies. Authority for the imposition\n         of civil penalties is delegated to the Assistant Secretary for Enforcement. The authority to enforce the provisions of 31\n         U.S.C. 5314 and 31 C.F.R. 103.24 and 103.32 has been redelegated from Treasury\xe2\x80\x99s Financial Crimes Enforcement\n         Network (FinCEN) to the Internal Revenue Service by means of a Memorandum of Agreement. Such authority includes the\n         authority to: assess and collect civil penalties under 31 U.S.C. 5321 and 31 C.F.R. 103.57; investigate possible civil\n         violations of these provisions; employ the summons power of Subpart F of Part 103; issue administrative rulings under\n         Subpart G of Part 103; and take any other action reasonably necessary for the enforcement of these and related provisions,\n         including pursuit of injunctions.\n\n                                            FEDERAL DEPOSIT INSURANCE CORPORATION\n\n   12      If the appropriate Federal Banking Agency determines that an insured depository institution has failed to establish or\n U.S.C.    maintain BSA procedures or failed to correct any problem with the procedures previously reported, the agency shall issue\n 1818(s)   an enforcement order requiring the institution to cease and desist from its violation. The FDIC is authorized under\n   (3)     12 U.S.C. 1818(i)(2)(ii) to impose a civil penalty of not more than $5,000 per day for violations of final or temporary orders\n           issued pursuant to 12 U.S.C. 1818(s).\n\nSource: Analysis by OIG Counsel\xe2\x80\x99s office.\n\n\n\n\n                                                                 39\n                                          This Report Contains Confidential Information\n                         For Official Use Only                                   Restricted Information\n\x0c                                                                                                   APPENDIX V\n\n      BSA VIOLATIONS REPORTED FOR 41 SAMPLED FINANCIAL INSTITUTIONS\nBANK        PART 103        SECTION 326.8       REPEAT BSA VIOLATION                REGULATORY ACTION\n\n1.             No                 Yes                       Yes                 No\n2.             Yes                No                        No                  No\n3.             No                 Yes                       Yes                 No\n4.             Yes                Yes                       Yes                 Memorandum of Understanding\n                                                                                Bank Board Resolution\n5.                Yes                 No                          No            No\n6.                Yes                Yes                         Yes            No\n7.                Yes                 No                          No            No\n8.                Yes                Yes                          No            Memorandum of Understanding\n9.                Yes                 No                          No            No\n10.               Yes                 No                         Yes            No\n11.               Yes                Yes                         Yes            No\n12.               No                 Yes                         Yes            No\n13.               Yes                 No                          No            No\n14.               Yes                Yes                         Yes            Memorandum of Understanding\n15.               Yes                Yes                         Yes            Memorandum of Understanding\n16.               Yes                 No                          No            No\n17.               Yes                Yes                         Yes            No\n18.               No                 Yes                          No            No\n19.               Yes                Yes                         Yes            State Determination Letter\n20.               Yes                Yes                         Yes            No\n21.               Yes                Yes                          No            No\n22.               Yes                Yes                         Yes            Bank Board Resolution\n23.               Yes                Yes                         Yes            No\n24.               Yes                 No                         Yes            No\n25.               Yes                Yes                         Yes            No\n26.               Yes                Yes                         Yes            No\n27.               Yes                Yes                         Yes            No\n28.               Yes                Yes                         Yes            No\n29.               Yes                Yes                         Yes            Bank Board Resolution\n30.               Yes                 No                          No            No\n31.               Yes                Yes                          No            No\n32.               Yes                Yes                         Yes            No\n33.               No                 Yes                          No            No\n34.               Yes                 No                          No            No\n35.               Yes                 No                        Yes*            Bank Board Resolution\n36.               Yes                Yes                         Yes            No\n37.               Yes                Yes                         Yes            Cease and Desist Order\n38.               Yes                Yes                        Yes*            Memorandum of Understanding\n39.               Yes                Yes                         Yes            Memorandum of Understanding\n40.               Yes                 No                          No            No\n41.               No                 Yes                         Yes            No\n           Yes=35 No=6         Yes=29 No=12               Yes=27 No=14\n*Repeat status is based on Suspicious Activity Report violations.\nSource: OIG review of ViSION and ROE data and supplemental information provide by DSC.\n\n\n\n\n                                                       40\n                                   This Report Contains Confidential Information\n                  For Official Use Only                                   Restricted Information\n\x0c                                                                                                                                                              APPENDIX VI\n                    SUMMARY OF BSA VIOLATIONS BY TYPE OF VIOLATION FOR 41 SAMPLED FINANCIAL INSTITUTIONS\n                                 Number of\n   Violation        Violation Institutions With\n   Category          Code        Violations                         Description of Violation\n Treasury\xe2\x80\x99s\n 31 C.F.R.\n Part 103\n                      60000                  22             Failure to file CTR for nonexempted transactions over $10,000\n                      65000                  16             Failure to maintain records on sales of monetary instruments of $3,000 through $10,000\n                      63001                  14             Failure to furnish information required in CTR\n                      63000                  13             Untimely filing of CTR or failure to retain CTR for 5 years\n                      60001                  10             Failure to treat multiple transactions totaling over $10,000 as a single transaction\n                      64000                  7              Failure to follow [customer] identification procedures or failure to record identification method\n                      60004                   5             Failure to properly exempt a domestic insured financial institution\n                      60002                  4              Improper designation of exempt person\n                      60007                  4              Failure to file CTR for transactions of an agent of an exempt person\n                      60006                  3              Failure to document monitoring of exempt person transactions\n                      60003                   2             Failure to file designation of exempt person form\n                      60005                  2              Failure to perform annual review of exempt person\n                      67000                  2              Failure to obtain Taxpayer Identification Number (TIN) or keep list of customers with missing TINs\n                      62000                  1              Failure to report foreign financial accounts\n                      65002                  1              Failure to retain records of cash purchases of monetary instruments for 5 years\n                      68000                  1              Failure to retain required records for 5 years\n\n FDIC\xe2\x80\x99s\n 12 C.F.R.            80004                  16             Lack of independent testing of BSA compliance\n Section 326.8        80000                  15             Failure to develop or implement adequate BSA Compliance Program\n                      80003                  10             Inadequate system of internal controls for BSA compliance\n                      80006                  7              Failure to provide adequate BSA training\n                      80005                  4              Failure to designate individual(s) responsible for BSA compliance\n\nSource: OIG review of BSA violations identified in ROEs for the sampled 41 institutions for the period January 1, 1997 through September 30, 2003 and DSC Transmittal\nNo. 03-048, dated October 20, 2003, entitled Bank Secrecy Act Examination Violation Codes.\n\nNote: Most institutions had multiple violations and, accordingly, the noted violations will not total 41. In addition, when differences were identified between the violation code\nrecorded in ViSION and the description of the violation cited in the ROE, we used the ROE description. Accordingly, totals shown will not match totals shown in ViSION data.\nSome violations were \xe2\x80\x9cgrouped\xe2\x80\x9d because there was no specific violation code included in DSC\xe2\x80\x99s guidance on BSA violation codes for those violations. Some sampled institutions\nalso had violations related to Suspicious Activity Reports. However, because there was no specific code related to SAR violations, they were not captured in ViSION and are not\nincluded in this table.\n\n\n\n                                                                                        41\n                                                                   This Report Contains Confidential Information\n                                                  For Official Use Only                                   Restricted Information\n\x0c                                                                                               APPENDIX VII\n\n                                             ACRONYMS\n\nBBR                 Bank Board Resolution\n\nBSA                 Bank Secrecy Act\n\nC&D                 Cease and Desist Order\n\nC.F.R.              Code of Federal Regulations\n\nCMP                 Civil Money Penalties\n\nCTR                 Currency Transaction Report\n\nDSC                 Division of Supervision and Consumer Protection (formerly the Division of\n                    Supervision)\n\nFDI Act             Federal Deposit Insurance Act\n\nFDIC                Federal Deposit Insurance Corporation\n\nFIL                 Financial Institution Letter\n\nFinCEN              Financial Crimes Enforcement Network\n\nFIAT                Formal and Informal Action Tracking System\n\nHIFCA               High Intensity Money Laundering and Related Financial Crime Area\n\nMOU                 Memorandum of Understanding\n\nMSA                 Metropolitan Statistical Area\n\nOIG                 Office of Inspector General\n\nROE                 Report of Examination\n\nSAR                 Suspicious Activity Report\n\nPATRIOT Act         USA PATRIOT Act\n\nU.S.C.              United States Code\n\nViSION              Virtual Supervisory Information on the Net\n\n\n\n\n                                                   42\n                               This Report Contains Confidential Information\n              For Official Use Only                                   Restricted Information\n\x0c                                                                                                         APPENDIX VIII\n\n\n\n                                               GLOSSARY\n\n           Term                                                      Definition\n                                    Bank board resolutions (BBRs) are informal commitments,\n                                    developed and adopted by a financial institution\xe2\x80\x99s board of directors\n                                    (often at the request of the FDIC), directing the institution\xe2\x80\x99s\n                                    personnel to take corrective action regarding specific noted\nBank Board Resolutions              deficiencies. BBRs may also be used as a tool to strengthen and\n                                    monitor the institution\xe2\x80\x99s progress with regard to a particular\n                                    component rating or activity. The FDIC is not a party to these\n                                    resolutions but may approve and accept them as a means of initiating\n                                    corrective action.\n                                    Codified at 31 U.S.C. 5311-5330 and gives the Treasury Department\n                                    broad powers to implement anti-money laundering regulations for\n                                    financial institutions; such regulations are implemented by the\n                                    Treasury Department through 31 C.F.R. Part 103. The Act consists\n                                    of two Titles: Title I, Financial Recordkeeping, and Title II, Reports\nThe Bank Secrecy Act (BSA)          of Currency and Foreign Transactions. Title I authorizes the\nof 1970                             Treasury Department to issue regulations requiring insured financial\n                                    institutions to maintain certain records related to financial\n                                    transactions. Title II directs the Treasury Department to prescribe\n                                    regulations governing the reporting of certain transactions by and\n                                    through financial institutions in excess of $10,000 into, out of, and\n                                    within the United States.\n                                    A report of completed BSA examinations with violations for a\n                                    specific time period. The report is broken down by region and\n                                    includes the certificate number, institution name, city, state,\nBSA Regional Report\n                                    examination date, examiner-in-charge, violation code, violation\n                                    description, number of violations, BSA hours, systemic or repeated\n                                    violations, and action code.\n                                    Cease and desist orders authorized by Section 8(b) of the FDI Act\n                                    may be issued to prevent or halt violations of a law, rule, regulation,\nCease and Desist Orders\n                                    or written agreement with the FDIC; written condition imposed by\n                                    the FDIC; or unsafe or unsound practices.\n                                    Civil money penalties (CMPs) can be imposed on financial\n                                    institutions for violations of: final and temporary orders, written\n                                    agreements with the FDIC, laws and regulations, and breaches of\n                                    fiduciary duty. The Financial Institutions Regulatory and Interest\n                                    Rate Control Act of 1978 granted the FDIC authority to levy CMPs\nCivil Money Penalties\n                                    against both insured financial institutions and individuals for\n                                    violations of statutes. The Financial Institutions Reform, Recovery,\n                                    and Enforcement Act of 1989 broadened the scope of conduct for\n                                    which CMPs can be assessed and significantly increased the amount\n                                    of the permissible penalties.\n\n\n\n\n                                                             43\n                                         This Report Contains Confidential Information\n                        For Official Use Only                                   Restricted Information\n\x0c                                                                                                        APPENDIX VIII\n\n\n                                              GLOSSARY\n\n           Term                                                     Definition\n                                   Each financial institution is assigned a composite rating based on an\n                                   evaluation and rating of six essential components of an institution\xe2\x80\x99s\n                                   financial condition and operations. These component factors address\n                                   the adequacy of capital, the quality of assets, the capability of\n                                   management, the quality and level of earnings, the adequacy of\n                                   liquidity, and the sensitivity to market risk. Evaluations of the\n                                   components take into consideration the institution\xe2\x80\x99s size and\nComposite Rating\n                                   sophistication, the nature and complexity of its activities, and the\n                                   risk profile. Composite ratings are assigned based on a 1 to 5\n                                   numerical scale. A 1 indicates the highest rating, strongest\n                                   performance and risk management practices, and least degree of\n                                   supervisory concern, while a 5 indicates the lowest rating, weakest\n                                   performance, inadequate risk management practices and, therefore,\n                                   the highest degree of supervisory concern.\n                                   The FDIC may issue informal or formal actions against a financial\n                                   institution to obtain correction of noted safety and soundness or\n                                   compliance deficiencies. Those actions may be informal or formal.\n                                     \xe2\x80\xa2   Informal actions are voluntary commitments made by an\n                                         insured financial institution\xe2\x80\x99s board of directors. Such actions\n                                         are designed to correct noted safety and soundness deficiencies\n                                         or ensure compliance with federal and state banking laws.\n                                         Informal actions are not legally enforceable and are not\nCorrective Actions\n                                         disclosable to the public.\n                                     \xe2\x80\xa2   Formal actions are notices or orders issued by the FDIC against\n                                         insured financial institutions and/or individuals. Their purpose\n                                         is to correct noted safety and soundness deficiencies, ensure\n                                         compliance with federal and state banking laws, assess civil\n                                         money penalties, and/or pursue removal proceedings. Formal\n                                         actions are legally enforceable. Final formal orders are\n                                         available to the public after issuance.\n                                   A financial institution in the United States generally must file a\n                                   currency transaction record for each transaction in currency over\n                                   $10,000. A transaction in currency is any transaction involving the\nCurrency Transaction               physical transfer of currency from one person to another and covers\nReport                             deposits, withdrawals, exchanges, or transfers of currency or other\n                                   payments. Currency is defined as currency and coin of the United\n                                   States or any other country as long as it is customarily accepted as\n                                   money in the country of issue.\n\n\n\n\n                                                            44\n                                        This Report Contains Confidential Information\n                       For Official Use Only                                   Restricted Information\n\x0c                                                                                                      APPENDIX VIII\n\n\n                                            GLOSSARY\n\n           Term                                                   Definition\n                                 The Department of the Treasury\xe2\x80\x99s mission is to (1) promote\n                                 prosperous and stable American and world economies, (2) manage\n                                 the Government\xe2\x80\x99s finances, (3) safeguard our financial systems, (4)\n                                 protect our Nation\xe2\x80\x99s leaders, (5) secure a safe and drug-free\n                                 America, and (6) continue to build a strong institution. Organized\nDepartment of the Treasury       into offices and bureaus, the Department of the Treasury\n                                 encompasses a wide range of programmatic and operational\n                                 activities. The Treasury\xe2\x80\x99s Financial Crimes Enforcement Network\n                                 (FinCEN) supports law enforcement investigative efforts against\n                                 domestic and international financial crimes. Refer to \xe2\x80\x9cFinCEN\xe2\x80\x9d for\n                                 more information.\n                                 The DSC promotes the safety and soundness of FDIC-supervised\n                                 institutions, protects consumers\xe2\x80\x99 rights, and promotes community\n                                 investment initiatives by FDIC-supervised insured depository\n                                 institutions. The mission of the DSC is to promote stability and\n                                 public confidence in the nation's financial system by:\nDivision of Supervision and      \xe2\x80\xa2    examining and supervising insured financial institutions to\nConsumer Protection (DSC)             ensure they operate in a safe and sound manner, consumers'\n                                      rights are protected, and FDIC-supervised institutions invest in\n                                      their communities; and\n                                 \xe2\x80\xa2    providing timely and accurate deposit insurance information to\n                                      financial institutions and the public.\n\n                                 Sections 10(b) and (c) of the FDI Act empower examiners to make a\n                                 thorough examination of all of the affairs of the bank. Section 10(d)\n                                 of the FDI Act requires an annual full-scope on-site examination of\n                                 every insured state nonmember bank at least once during each 12-\n                                 month period. Annual examination intervals may be extended to\n                                 18 months under certain conditions. The FDIC also alternates\n                                 examination cycles with state regulatory agencies. The statutory\nExaminations\n                                 requirements in Section 10(d) of the FDI Act do not apply to\n                                 specialty examinations. Thus, specialty examinations are governed\n                                 by internal DSC policy, not statute. Specialty examinations, which\n                                 include BSA examinations, should generally be conducted\n                                 concurrently with safety and soundness examinations. Examinations\n                                 can be risk-focused to properly assess a financial institution's risk\n                                 profile.\n\n\n\n\n                                                          45\n                                      This Report Contains Confidential Information\n                     For Official Use Only                                   Restricted Information\n\x0c                                                                                                      APPENDIX VIII\n\n\n                                            GLOSSARY\n\n           Term                                                   Definition\n                                 According to the FDIC Manual of Examination Policies, banks may\n                                 exempt certain categories of customers and are not required to file\n                                 CTRs for those classes of \xe2\x80\x9cExempt Persons.\xe2\x80\x9d Exempted entities\n                                 may include, but are not limited to:\n                                 \xe2\x80\xa2   A bank, to the extent of such bank\xe2\x80\x99s domestic operations;\n                                 \xe2\x80\xa2   A non-listed business, which is defined as any other commercial\n                                     enterprise, to the extent of its domestic operations, except certain\n                                     operations included under the Treasury Department\xe2\x80\x99s Part\nExemptions\n                                     103.22. Non-listed businesses must meet certain other criteria to\n                                     be eligible for exemption status.\n                                 \xe2\x80\xa2   A payroll customer with respect solely to withdrawals for\n                                     payroll purposes from existing transaction amounts.\n                                 Banks must verify, at least annually, the status of all entities\n                                 designated as exempt. The specific methodology for performing this\n                                 assessment is largely at the bank\xe2\x80\x99s discretion; however, results of the\n                                 review must be documented.\n                                 The FDIC\xe2\x80\x99s Supervision Program promotes the safety and soundness\n                                 of FDIC-supervised institutions, protects consumers\xe2\x80\x99 rights, and\n                                 promotes community investment initiatives by FDIC-supervised\n                                 insured depository institutions.\n\n                                 As supervisor, the FDIC performs safety and soundness\n                                 examinations of FDIC-supervised institutions to assess their overall\n                                 financial condition, management practices and policies, and\n                                 compliance with applicable laws and regulations. Through the\n                                 examination process, the FDIC also assesses the adequacy of\n                                 management and internal control systems to identify and control\n                                 risks. Procedures normally performed in completing this assessment\nFDIC Supervision\n                                 may disclose the presence of fraud or insider abuse.\n\n                                 The FDIC supervises FDIC-insured state-chartered banks that are\n                                 not members of the Federal Reserve System, described as state\n                                 nonmember banks. This includes state-licensed insured branches of\n                                 foreign banks and state-chartered mutual savings banks. The FDIC\n                                 also has special examination authority for state member banks that\n                                 are supervised by the Federal Reserve Board, national banks that are\n                                 supervised by the Office of the Comptroller of the Currency, and\n                                 savings associations that are supervised by the Office of Thrift\n                                 Supervision. This authority is exercised in the FDIC\xe2\x80\x99s role as\n                                 insurer of those institutions.\n                                 The FDIC\xe2\x80\x99s mission is to maintain the stability of and public\nFederal Deposit Insurance        confidence in the nation's financial system. To achieve this goal, the\nCorporation                      FDIC was created in 1933 to insure deposits and promote safe and\n                                 sound banking practices.\n\n\n\n                                                          46\n                                      This Report Contains Confidential Information\n                     For Official Use Only                                   Restricted Information\n\x0c                                                                                                        APPENDIX VIII\n\n\n                                              GLOSSARY\n\n            Term                                                    Definition\n                                   The Federal Reserve, the central bank of the United States, was\n                                   founded by Congress in 1913 to provide the nation a safer, more\n                                   flexible, and more stable monetary and financial system. The\n                                   Federal Reserve is responsible for\n                                   (1) conducting the nation\xe2\x80\x99s monetary policy;\nFederal Reserve System\n                                   (2) supervising and regulating banking institutions and protecting\n                                        the credit rights of consumers;\n                                   (3) maintaining the stability of the financial system; and\n                                   (4) providing certain financial services to the U.S. government, the\n                                        public, financial institutions, and foreign official institutions.\n                                   The Formal and Informal Action Tracking system serves as a central\n                                   automated source of information on DSC regulatory actions. When\nFIAT\n                                   a formal or informal action is contemplated or initiated, a record of\n                                   that action is created in FIAT.\n                                   Financial Institution Letters are addressed to the chief executive\n                                   officers of financial institutions, generally FDIC-supervised\n                                   institutions, and may announce new regulations, special alerts\n                                   concerning counterfeit financial institutions, new FDIC publications,\nFinancial Institution Letters\n                                   and a variety of other matters, including information related to the\n                                   PATRIOT Act, of principal interest to those responsible for\n                                   operating a bank or savings association. Refer also to the USA\n                                   PATRIOT Act.\n                                   The Financial Crimes Enforcement Network is an office within the\nFinCEN                             Office of the Under Secretary (Enforcement) of the Department of\n                                   the Treasury.\n                                   The FDIC may issue formal actions pursuant to Section 8 of the\n                                   Federal Deposit Insurance Act. Formal actions include termination\nFormal Actions\n                                   of federal deposit insurance; cease and desist action; removal,\n                                   prohibition, and suspension actions; and civil money penalties.\n                                   High Intensity Money Laundering and Related Financial Crime\n                                   Areas (HIFCA) is a categorization announced in the 1999 National\n                                   Money Laundering Strategy and was conceived in the Money\nHigh Intensity Money               Laundering and Financial Crimes Strategy Act of 1998 as a means of\nLaundering and Related             concentrating law enforcement efforts at the federal, state, and local\nFinancial Crime Area               levels in high intensity money laundering zones. HIFCAs may be\n                                   defined geographically, or they can also be created to address money\n                                   laundering in an industry sector, a financial institution, or groups of\n                                   financial institutions.\n                                   Informal actions include a bank board resolution (BBR) and a\n                                   Memorandum of Understanding (MOU). DSC may recommend that\n                                   an institution commit to address specific noted deficiencies by\nInformal Actions\n                                   adopting a BBR. DSC may issue an MOU to institutions when there\n                                   is reason to believe the deficiencies noted during an examination will\n                                   not be addressed adequately by a BBR.\n\n\n                                                            47\n                                        This Report Contains Confidential Information\n                       For Official Use Only                                   Restricted Information\n\x0c                                                                                                       APPENDIX VIII\n\n\n                                             GLOSSARY\n\n           Term                                                    Definition\n\nInsured Depository                The term insured depository institution means any bank or savings\nInstitution                       association, the deposits of which are insured by the FDIC.\n\n                                  Any bank, including a foreign bank having a branch, the deposits of\n                                  which are insured in accordance with the provisions of the Federal\n                                  Deposit Insurance Act, which is not a member of the Federal\nInsured Nonmember Bank\n                                  Reserve System. The term does not include any institution chartered\n                                  or licensed by the Comptroller of the Currency, any District of\n                                  Columbia bank, or any savings association.\n                                  Internal control is an integral component of an organization\xe2\x80\x99s\n                                  management that provides reasonable assurance of achieving\nInternal Control\n                                  effectiveness and efficiency of operations, reliability of financial\n                                  reporting, and compliance with applicable laws and regulations.\n                                  A Memorandum of Understanding (MOU) is an informal agreement\n                                  between an institution and the FDIC and is signed by both parties.\n                                  MOUs, usually drafted by an FDIC official, are designed to address\n                                  and correct identified weaknesses in an institution\xe2\x80\x99s condition. The\nMemorandum of                     FDIC generally uses MOUs instead of BBRs, especially when there\nUnderstanding                     is reason to believe the deficiencies noted during an examination will\n                                  not be addressed adequately by a BBR. The use of an MOU does\n                                  not rule out recourse to formal action if the FDIC believes the\n                                  institution\xe2\x80\x99s management is unwilling or unable to voluntarily take\n                                  necessary corrective action.\n                                  Defined by the Office of Management and Budget. A Metropolitan\n                                  Statistical Area (MSA) is a large population nucleus, together within\n                                  adjacent communities that have a high degree of economic and\n                                  social integration with that nucleus. An area qualifies for\n                                  recognition as an MSA in one of two ways: (1) if it includes a city\n                                  with a population of at least 50,000, or (2) if it includes a Census\n                                  Bureau-defined urbanized area (a population of at least 50,000) with\nMetropolitan Statistical Area     a total metropolitan population of at least 100,000 (75,000 in New\n                                  England). In addition to the county(ies) containing the main city or\n                                  urbanized area, an MSA may include additional counties that have\n                                  strong economic and social ties to the central county(ies) and meet\n                                  specified requirements of metropolitan character. The ties are\n                                  determined chiefly by census data on commuting to work. A\n                                  metropolitan statistical area may contain more than one city with a\n                                  population of 50,000 and may cross state lines.\n                                  In federal law, money laundering is the flow of cash or other\n                                  valuables derived from, or intended to facilitate, the commission of a\n                                  criminal offense. More specifically, money laundering is the process\nMoney Laundering                  by which criminals or criminal organizations seek to disguise the\n                                  illicit nature of their proceeds by introducing them into the stream of\n                                  legitimate commerce and finance. Federal authorities attack money\n                                  laundering through regulations, criminal sanctions, and forfeitures.\n\n                                                           48\n                                       This Report Contains Confidential Information\n                      For Official Use Only                                   Restricted Information\n\x0c                                                                                                      APPENDIX VIII\n\n\n                                            GLOSSARY\n\n           Term                                                   Definition\n                                 Codified to 31 U.S.C. 5301, Improvement of Identification of\n                                 Money Laundering Schemes: Required enhanced training,\n                                 examinations, and referrals by banking agencies. Each appropriate\n                                 federal banking agency shall, in consultation with the Secretary of\n                                 the Treasury and other appropriate law enforcement agencies were\n                                 required to (1) review and enhance training and examination\n                                 procedures to improve the identification of money laundering\n                                 schemes involving depository institutions; and (2) review and\nMoney Laundering\n                                 enhance procedures for referring cases to any appropriate law\nSuppression Act of 1994\n                                 enforcement agency. In addition, the Act required improved\n                                 reporting of criminal schemes by law enforcement agencies. The\n                                 Secretary of the Treasury and each appropriate law enforcement\n                                 agency shall provide, on a regular basis, information regarding\n                                 money laundering schemes and activities involving depository\n                                 institutions to each appropriate federal banking agency in order to\n                                 enhance each agency's ability to examine for and identify money\n                                 laundering activity.\n                                 There are four federal regulators of banks and savings and loan\n                                 institutions:\n                                 \xe2\x80\xa2    Federal Deposit Insurance Corporation (FDIC) \xe2\x80\x93 The primary\n                                      federal regulator responsible for state-chartered banks that are\n                                      not members of the Federal Reserve System and for state-\n                                      chartered savings banks.\n                                 \xe2\x80\xa2    Board of Governors of the Federal Reserve System (FRB) \xe2\x80\x93 The\n                                      primary federal regulator responsible for state-chartered\nPrimary Federal Regulator\n                                      commercial bank members of the Federal Reserve System.\n                                 \xe2\x80\xa2    Office of the Comptroller of the Currency (OCC) \xe2\x80\x93 The primary\n                                      federal regulator responsible for nationally chartered commercial\n                                      banks.\n                                 \xe2\x80\xa2 Office of Thrift Supervision (OTS) \xe2\x80\x93 The primary federal\n                                      regulator responsible for federally chartered savings and loan\n                                      associations, federal savings banks, and state-chartered savings\n                                      and loan associations.\n                                 The objective of a risk-focused examination is to effectively evaluate\n                                 the safety and soundness of the bank, including the assessment of\n                                 risk management systems, financial condition, and compliance with\nRisk Focused Supervision         applicable laws and regulations, while focusing resources on the\n                                 bank\xe2\x80\x99s highest risks. According to DSC examination guidance, the\n                                 exercise of examiner judgment to determine the depth of review in\n                                 each functional area is crucial to the success of the risk-focused\n                                 supervisory process.\n\n\n\n\n                                                          49\n                                      This Report Contains Confidential Information\n                     For Official Use Only                                   Restricted Information\n\x0c                                                                                                        APPENDIX VIII\n\n\n                                              GLOSSARY\n\n            Term                                                    Definition\n                                   These periodic, on-premise examinations help maintain public\n                                   confidence in the integrity of the banking system and in individual\n                                   banks, provide the best means of determining a bank\xe2\x80\x99s adherence to\nSafety and Soundness               laws and regulations, protect the financial integrity of the deposit\nExaminations                       insurance funds, and provide supervisory agencies with an\n                                   understanding of the nature relative seriousness, and ultimate cause\n                                   of a bank\xe2\x80\x99s problems and thus the factual foundation to soundly base\n                                   corrective measures, recommendations, and instructions.\n                                   A suspicious activity report (SAR) must be filed when there are\n                                   suspicions that a financial transaction falls into one or more of the\n                                   following categories:\n                                   \xe2\x80\xa2    Is derived from illegal activity or is intended or conducted in\n                                        order to hide or disguise funds or assets derived from illegal\nSuspicious Activity Report              activity.\n                                   \xe2\x80\xa2    Is designed to evade BSA requirements, whether through\n                                        structuring or other means.\n                                   Serves no business or apparent lawful purpose, and the financial\n                                   institution can determine no reasonable explanation for the\n                                   transaction after examining all available facts.\n                                   An act of terrorism can include both domestic and international\n                                   actions that (1) involve acts dangerous to human life that violate\n                                   criminal laws of the United States or of any state; (2) appear to be\n                                   intended to intimidate or coerce a civilian population, influence the\nTerrorism\n                                   policy of a government by intimidation or coercion, or affect the\n                                   conduct of a government by mass destruction, assassination, or\n                                   kidnapping; and (3) occur primarily within the territorial jurisdiction\n                                   of the United States.\n                                   The United and Strengthening America by Providing Appropriate\n                                   Tools Required to Intercept and Obstruct Terrorism Act of 2001,\n                                   also known as the USA PATRIOT Act. The USA PATRIOT Act\n                                   was enacted on October 26, 2001 and is directed primarily at anti-\nUSA PATRIOT Act                    terrorism. Title III of the Act contains several anti-money\n                                   laundering provisions that affect financial institutions. The\n                                   Secretary of the Treasury has the authority to impose provisions\n                                   under this Act on financial institutions. The Act expands\n                                   requirements that are included under the Bank Secrecy Act of 1970.\n                                   Virtual Supervisory Information on the Net system, which is used to\n                                   capture data on the results of DSC\xe2\x80\x99s reports of examination,\nViSION\n                                   including identified BSA violations and to report those violations to\n                                   the Treasury Department.\n\n\n\n\n                                                            50\n                                        This Report Contains Confidential Information\n                       For Official Use Only                                   Restricted Information\n\x0c                       APPENDIX IX\n\n\n\nCORPORATION COMMENTS\n\x0c                                                                                 APPENDIX IX\n                 CORPORATION COMMENTS\n\n\n\n\n                                     52\n                 This Report Contains Confidential Information\nFor Official Use Only                                   Restricted Information\n\x0c                                                                                 APPENDIX IX\n                 CORPORATION COMMENTS\n\n\n\n\n                                     53\n                 This Report Contains Confidential Information\nFor Official Use Only                                   Restricted Information\n\x0c                                                                                 APPENDIX IX\n                 CORPORATION COMMENTS\n\n\n\n\n                                     54\n                 This Report Contains Confidential Information\nFor Official Use Only                                   Restricted Information\n\x0c                                                                                 APPENDIX IX\n                 CORPORATION COMMENTS\n\n\n\n\n                                     55\n                 This Report Contains Confidential Information\nFor Official Use Only                                   Restricted Information\n\x0c                       APPENDIX IX\n\n\n\nCORPORATION COMMENTS\n\x0c                                                                                 APPENDIX IX\n                 CORPORATION COMMENTS\n\n\n\n\n                                     57\n                 This Report Contains Confidential Information\nFor Official Use Only                                   Restricted Information\n\x0c                                                                                 APPENDIX IX\n                 CORPORATION COMMENTS\n\n\n\n\n                                     58\n                 This Report Contains Confidential Information\nFor Official Use Only                                   Restricted Information\n\x0c                                                                                 APPENDIX IX\n                 CORPORATION COMMENTS\n\n\n\n\n                                     59\n                 This Report Contains Confidential Information\nFor Official Use Only                                   Restricted Information\n\x0c                                                                                 APPENDIX IX\n                 CORPORATION COMMENTS\n\n\n\n\n                                     60\n                 This Report Contains Confidential Information\nFor Official Use Only                                   Restricted Information\n\x0c                                                                                 APPENDIX IX\n                 CORPORATION COMMENTS\n\n\n\n\n                                     61\n                 This Report Contains Confidential Information\nFor Official Use Only                                   Restricted Information\n\x0c                                                                                 APPENDIX IX\n                 CORPORATION COMMENTS\n\n\n\n\n                                     62\n                 This Report Contains Confidential Information\nFor Official Use Only                                   Restricted Information\n\x0c                                                                                 APPENDIX IX\n                 CORPORATION COMMENTS\n\n\n\n\n                                     63\n                 This Report Contains Confidential Information\nFor Official Use Only                                   Restricted Information\n\x0c                                                                                                 APPENDIX IX\n                                 CORPORATION COMMENTS\n\n                                              EXHIBIT II\n\n\n          Internal Assessment of the FDIC Division of Supervision and\n          Consumer Protection\xe2\x80\x99s Program to Evaluate Bank Compliance\n                           with the Bank Secrecy Act\n\n\nPrimary Objective: Provide an internal assessment of the Division of Supervision and\nConsumer Protection\xe2\x80\x99s responsibility under the Bank Secrecy Act, the corresponding supervisory\nprogram that ensures state non-member institutions comply with the regulatory rules that\nimplement the BSA, and current DSC initiatives to execute BSA rule modifications.\n\n\nSecondary Objective: Evaluate institutions sampled by the Office of Inspector General and\ndiscussed in the draft audit report Supervisory Actions Taken for Bank Secrecy Act Violations.\n\n\nDate:     March 17, 2004\n\n\nContact: Lisa D. Arquette\n         Special Activities Section Chief\n         (202) 898-8633\n\n\n\n\n                                                     64\n                                 This Report Contains Confidential Information\n                For Official Use Only                                   Restricted Information\n\x0c                                                                                               APPENDIX IX\n\n                               CORPORATION COMMENTS\n\n\n           INTERNAL ASSESSMENT OF DSC\xe2\x80\x99S PROGRAM TO EVALUATE\n                     BANK COMPLIANCE WITH THE BSA\n\n\n\nExecutive Summary                                                                                     66\n\nResponsibilities of the FDIC to Facilitate BSA Compliance                                             68\n\nBSA Supervisory Approach                                                                              69\n        Risk-Focused Supervisory Strategy                                                             70\n        Enforcement Actions Related to the BSA                                                        71\n        Individual Enforcement Action Cases                                                           74\n\nRefining Supervisory Strategies                                                                       78\n         Industry Outreach                                                                            79\n         Global Counter-Terrorist Financing Initiatives and Technical                                 80\n         Assistance\n         Domestic Anti-Money Laundering and Counter-Terrorist                                         81\n         Financing Initiatives\n\nOverall Assessment of DSC Supervisory Approach                                                        81\n\nAppendix A: OIG Audit of DSC\xe2\x80\x99s BSA Program                                                            83\n        Conclusion of DSC Supervisory Approach to OIG-Sampled                                        131\n        Institutions\n\nAppendix B: History of the BSA                                                                       132\n         BSA Legislative Changes                                                                     133\n\n\nTables and Maps\n\nTable 1   Summary of Individual Enforcement Action Case Activity                                      77\n\nTable 2   OIG\xe2\x80\x99s Sampled Institutions                                                                  85\n\nMap 1     Banks from OIG Sample                                                                       86\n\nMap 2     Banks Identified from OIG Sample as Inadequate Follow Up                                    87\n\n\n\n\n                                                   65\n                               This Report Contains Confidential Information\n              For Official Use Only                                   Restricted Information\n\x0c                                                                                                  APPENDIX IX\n                                  CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA\n\n\nEXECUTIVE SUMMARY\n\nThe primary objective of this document is to provide an internal assessment of the Division of\nSupervision and Consumer Protection\xe2\x80\x99s (\xe2\x80\x9cDSC\xe2\x80\x9d) responsibility under the Bank Secrecy Act\n(\xe2\x80\x9cBSA\xe2\x80\x9d), the corresponding supervisory program that ensures state non-member institutions\ncomply with the regulatory rules that implement the BSA, and current DSC initiatives to execute\nBSA rule modifications. A secondary objective is to evaluate institutions sampled by the Office\nof Inspector General (\xe2\x80\x9cOIG\xe2\x80\x9d) and described in the draft audit report, Supervisory Actions Taken for\nBank Secrecy Act Violations (refer to Appendix A).\n\nOverall, the findings of the internal assessment suggest the DSC has developed and implemented\nan effective supervisory program to monitor and enforce BSA compliance in FDIC-supervised\ninstitutions. The DSC has established effective policies, guidance, and practices for educating\nand examining FDIC-supervised institutions, identifying areas of non-compliance with the BSA,\nand ensuring that any weaknesses in an institution\xe2\x80\x99s BSA program are corrected.\n\nIn general, the DSC has implemented a risk-focused approach to assess compliance with the\nBSA, which emphasizes a strong control and compliance environment within FDIC-supervised\ninstitutions. The vast majority of FDIC-supervised institutions are small, community-based,\nlocally-owned institutions that operate in rural or suburban environments. The institutions\xe2\x80\x99\ncustomers are well known by bank management and unusual cash transactions are uncommon.\nIn light of this, the DSC believes a flexible supervisory approach using technical guidance, moral\nsuasion and a gradual escalation of enforcement action is appropriate.\n\nWhile issuing enforcement actions has proven effective in numerous instances where serious\nnoncompliance with the BSA was noted, the DSC has determined that enforcing BSA\ncompliance is most effectively handled in the majority of FDIC-supervised institutions within the\nnormal course of supervisory efforts. This supervisory approach relies upon the proven ability\nand willingness of bank management to correct deficiencies and establish an adequate\ncompliance program. The DSC has generally relied on this approach to address technical\nnoncompliance where the exposure to risk of potential money laundering activities is low based\non the profile of the institution and history of management\xe2\x80\x99s actions in addressing identified\nweaknesses.\n\nHowever, the DSC responds aggressively in cases where a greater risk for potential money\nlaundering exists within an institution. These more serious situations may include willful non-\ncompliance, absence of a BSA program, or significant apparent violations of law. The FDIC\xe2\x80\x99s\nsupervisory response in various cases often involves the use of formal and informal enforcement\n\n\n\n\n                                                      66\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0c                                                                                                   APPENDIX IX\n                                   CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nactions. Enforcement actions are generally pursued when immediate corrective action is\nrequired in order to prevent elevated risks from potential money laundering activities. These\nactions have also been issued against unresponsive or ineffective management and boards of\ndirectors. The DSC has issued several formal actions, including Orders to Cease and Desist and\nOrders of Prohibition from Further Participation, which address substantially deficient programs\nand illicit activities of insiders. Additionally, informal actions have also been used to effect\ncompliance at institutions where policies and practices need significant improvement.\n\nA notable change to the BSA focus and the DSC\xe2\x80\x99s corresponding supervisory approach\nunexpectedly occurred in 2001. Prior to the terrorist events of September 11, 2001, the emphasis\nbehind enforcement of the BSA was primarily directed toward the criminal activities of\norganized crime syndicates and international drug trafficking organizations and preventing those\nentities from utilizing the United States banking system to engage in money laundering activities.\nHowever, since the tragic events of September 11th, the BSA has taken on an elevated level of\nnational priority. Efforts directed towards this national and global initiative have been amplified\nto provide assistance to the war on terror. The anti-money laundering (\xe2\x80\x9cAML\xe2\x80\x9d) provisions of the\nBSA were augmented (with the passage of the USA PATRIOT Act of 200121) and have become\na useful tool in tracing terrorist financing activities The identification and prevention of potential\nmoney laundering and terrorist financing is a primary element of bank supervision.\n\nAs a primary federal regulator, the FDIC recognizes the importance of this issue to the banking\nindustry and homeland security. In response, the DSC has been proactive in the development\nand issuance of interagency examination guidance and examiner training to ensure appropriate\nenforcement of the provisions of the BSA and the USA PATRIOT Act. Additionally, the DSC\nhas organized and participated in numerous outreach programs intended to inform and educate\nthe banking industry of USA PATRIOT Act compliance requirements, given the rapidly\nchanging landscape of money laundering and terrorist financing concerns. Furthermore, while\nthe DSC has considerably expanded its bank supervision policies and practices in this area; much\nof the DSC\xe2\x80\x99s efforts to proactively respond involve interagency and joint law enforcement\ninitiatives.\n\nMany of these initiatives include domestic and international partnerships. These initiatives\ninclude: participation in the Financial Actions Task Force (\xe2\x80\x9cFATF\xe2\x80\x9d) and in the FATF\xe2\x80\x99s Working\nGroup on Terrorist Financing (\xe2\x80\x9cWGTF\xe2\x80\x9d); participation in the Basel Committee decision-making\nprocess in reviewing the \xe2\x80\x9cKnow Your Customer\xe2\x80\x9d risk management report; participation in\n\n21\n  USA PATRIOT Act is the acronym for \xe2\x80\x9cUniting and Strengthening America by Providing\nAppropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001.\xe2\x80\x9d\n\n\n\n\n                                                       67\n                                   This Report Contains Confidential Information\n                  For Official Use Only                                   Restricted Information\n\x0c                                                                                                     APPENDIX IX\n                                     CORPORATION COMMENTS\n\n       Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nworking groups and technical assistance missions sponsored by the Departments of State and\nTreasury, which are designed to assess vulnerabilities to terrorist financing activity worldwide\nand to develop and implement plans to assist foreign governments concerning these issues; and\nserving as point-of-contact (\xe2\x80\x9cPOC\xe2\x80\x9d) liaison between the Financial Crimes Enforcement Network\n(\xe2\x80\x9cFinCEN\xe2\x80\x9d) and FDIC-supervised institutions in the USA PATRIOT Act Section 314(a)\nterrorist-subject biweekly searches. The DSC also issues Financial Institution Letters to relay\nregular updates on Specifically Designated Nationals and Blocked Persons and Specifically\nDesignated Global Terrorists as required by the Department of the Treasury\xe2\x80\x99s (\xe2\x80\x9cTreasury\xe2\x80\x9d)\nOffice of Foreign Assets Control (\xe2\x80\x9cOFAC\xe2\x80\x9d).\n\nOverall, the DSC has been responsive to the intent of the BSA by establishing a comprehensive\nsupervisory approach, which includes conducting BSA compliance examinations and ensuring\nappropriate supervisory follow up when BSA concerns exist in FDIC-supervised institutions.\nAdditionally, the DSC has been proactive in addressing recent changes to the BSA by being an\nactive participant in the USA PATRIOT Act rulemaking process, incorporating those rules into\nexaminer and industry guidance, providing various forms of examiner and industry training and\noutreach sessions, and assisting in global anti-money laundering and counter-financing of\nterrorism efforts.\n\n\nRESPONSIBILITIES OF THE FDIC TO FACILITATE BSA COMPLIANCE\n\nWhile the BSA statute designates the Secretary of the Treasury as the authority to administer the\nBSA,22 the Treasury regulations allow the Secretary to delegate authority to examine financial\ninstitutions to determine compliance with the requirements of Part 103, Treasury\xe2\x80\x99s Financial\nReporting and Recordkeeping Regulations. The FDIC\xe2\x80\x99s responsibilities under Section\n103.56(b)(3) and (e) are to examine financial institutions for compliance with Part 103 and to\nmake periodic reports to the Assistant Secretary of the Treasury. The DSC reviews compliance\nwith Part 103 at every safety and soundness examination. Part 103 does not prescribe the\nfrequency at which compliance should be reviewed. The DSC conducts BSA compliance\nreviews concurrent with all full-scope on-site safety and soundness examinations of every FDIC-\nsupervised institution.\n\n\n22\n   FinCEN was established in April 1990 to provide a government-wide, multi-source intelligence and analytical\nnetwork. FinCEN\xe2\x80\x99s operation was broadened in 1994 to include regulatory responsibilities. In October 2001, the\nUSA PATRIOT Act elevated FinCEN to bureau status and emphasized its role in fighting terrorist financing.\nFinCEN administers the BSA (comprehensive anti-money laundering statute) and is responsible for expanding the\nregulatory framework to industries vulnerable to money laundering, terrorist financing, and other crime.\n\n\n\n\n                                                         68\n                                     This Report Contains Confidential Information\n                    For Official Use Only                                   Restricted Information\n\x0c                                                                                                  APPENDIX IX\n                                  CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nSection 8(s) of the Federal Deposit Insurance Act (\xe2\x80\x9cFDI Act\xe2\x80\x9d) provides additional BSA-related\nresponsibilities [refer to Exhibit I for the Legal Division\xe2\x80\x99s Analysis of Section 8(s)]. Section\n8(s)(1) of the FDI Act requires each appropriate Federal banking agency to prescribe regulations\nrequiring insured depository institutions to establish and maintain procedures reasonably\ndesigned to assure and monitor the compliance of such depository institutions with the\nrequirements of Subchapter II of Chapter 53 of Title 31, United States Code. The implementing\nregulation for Section 8(s) of the FDI Act is Part 326, Subpart B - Procedures for Monitoring\nBSA Compliance (12 CFR Section 326.8). In addition, Section 8(s)(2)(A) requires that each\nexamination of an insured depository institution by the appropriate Federal banking agency shall\ninclude a review of the procedures required to be established and maintained under Section 326.8\nof the FDIC Rules and Regulations (refer to Appendix B for BSA History and Legislative\nChanges).\n\n\nBSA SUPERVISORY APPROACH\n\nBSA Compliance Examination Process. The FDIC is responsible for ensuring that state-\nnonmember banks comply with the BSA. At each safety and soundness examination, the\nadequacy of an institution\xe2\x80\x99s BSA compliance program and procedures is assessed. After a\ncomplete analysis of the bank, which includes capital, asset quality, management, earnings,\nliquidity, and sensitivity to market risk, ratings are assigned and a report of examination is\nprepared. Composite ratings are based on a careful evaluation of an institution\xe2\x80\x99s managerial,\noperational, financial, and compliance performance. The BSA compliance examination is\nconsidered very important and is conducted as part of the entire examination process. BSA\nfindings contribute most significantly to the management component rating, but can have a\nsignificant influence on the composite rating, when notable deficiencies exist.\n\nOver the past seven years, the FDIC has conducted more than 17,750 BSA compliance\nexaminations. Examiners document their findings in a Report of Examination. The DSC\nprovides an aggregate report to FinCEN on apparent violations of the Treasury\xe2\x80\x99s Financial\nReporting and Recordkeeping Regulations (31 CFR 103) and the FDIC\xe2\x80\x99s Section 326.8\nidentified during examinations. Also, the DSC makes referrals to FinCEN on significant matters\nand informs FinCEN of actions that the FDIC has taken against FDIC-supervised institutions or\ninstitution-affiliated parties (\xe2\x80\x9cIAPs\xe2\x80\x9d).\n\nFinancial institutions are required to have a written BSA policy and program. Employee training\nprograms, audit procedures, and senior-level oversight are also required. The DSC employs a\nvariety of supervisory methods to ensure that financial institutions establish and maintain an\nadequate BSA program. The majority of apparent BSA violations involve minor infractions,\n\n\n\n\n                                                      69\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0c                                                                                                     APPENDIX IX\n                                     CORPORATION COMMENTS\n\n       Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\ngenerally isolated to a few occurrences, and those infractions are generally corrected while the\nexaminers are still in the institution or shortly after their departure. Occasionally, there are some\ninstitutions that fail to correct violations or implement adequate compliance programs, which the\nDSC examiners discover at subsequent examinations. Generally, for those institutions, the DSC\nperforms additional monitoring through on-site visitations conducted between the regularly\nscheduled examinations and, when appropriate, takes other supervisory action. Over the past\nseven years, the DSC has taken 40 formal actions and entered into 75 informal agreements with\ninstitutions that demonstrated significant and/or recurring weaknesses regarding BSA\ncompliance.\n\nRisk-Focused Supervisory Strategy. The FDIC is the primary federal regulator of approximately\n5,300 insured financial institutions holding total assets of almost $1.7 trillion. By contrast, the\nFederal Reserve Board (\xe2\x80\x9cFRB\xe2\x80\x9d) supervises 935 banks with assets of $1.9 trillion, and the Office\nof the Comptroller of the Currency (\xe2\x80\x9cOCC\xe2\x80\x9d) supervises about 2,000 banks with assets of $4.1\ntrillion. The majority of FDIC-supervised institutions are smaller and located in less-densely\npopulated areas. Of the 5,300 institutions supervised by the FDIC, 2,850, or 54 percent, are not\nlocated in metropolitan areas or MSAs23 and hold 22 percent of FDIC-supervised assets. The\nremaining 46 percent of FDIC-supervised banks are located in metropolitan areas and hold 78\npercent of FDIC-supervised assets.\n\nThe DSC has adopted a risk-focused approach to proactively assess risk for institutions and apply an\nappropriate amount of supervisory resources. In doing so, the DSC considers an institution\xe2\x80\x99s BSA risk\nprior to and during an examination. An examiner might consider an institution with the following\ncharacteristics to have a low BSA risk: located in a rural area (non-MSA) or suburban area; not located\nin a high-risk money laundering and related financial crimes area (HIFCA24); small asset size; small\ndeposit base; known and stable customer base; stable management and employee base; and relatively\nfew reportable transactions (as defined by CFR 103). The DSC factors an institution\xe2\x80\x99s risk of money\nlaundering into examination planning as well as into the evaluation of identified BSA weaknesses.\n\n\n23\n   MSAs or metropolitan statistical areas are defined by the Office of Management and Budget. An MSA is a large\npopulation nucleus, together with adjacent communities that have a high degree of economic and social integration\nwith that nucleus. Each MSA must contain either a minimum population of 50,000 or a Census Bureau-defined\nurbanized area with a total population of at least 100,000. MSAs comprise one or more counties and may include\none or more outlying counties that have close economic and social relationships with the central county. An outlying\ncounty must have a specified level of commuting to the central counties and also must meet certain standards\nregarding metropolitan character. For example, the Washington, D.C. MSA extends from Frederick, Maryland, to\nFredericksburg, Virginia, and includes two counties in West Virginia.\n24\n   HIFCA is a categorization announced in the 1999 National Money Laundering Strategy and was conceived in the\nMoney Laundering and Financial Crimes Strategy Act of 1998 as a means of concentrating law enforcement efforts\nat the federal, state, and local levels in high intensity money laundering zones.\n\n\n\n\n                                                         70\n                                     This Report Contains Confidential Information\n                    For Official Use Only                                   Restricted Information\n\x0c                                                                                                     APPENDIX IX\n                                     CORPORATION COMMENTS\n\n       Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nAn important factor in risk-focusing BSA compliance examinations is considering whether an institution\nis located in a HIFCA, which may be defined geographically or can also be created to address money\nlaundering in an industry sector, a financial institution, or group of financial institutions. Relevant\nfederal, state, and local enforcement authorities, prosecutors, and federal financial supervisory agencies\nform groups that monitor activity in HIFCAs. Current HIFCA designations for money laundering are\nassigned to the MSAs of New York City, New York; Los Angeles, California; Chicago, Illinois; San\nFrancisco, California; and Miami, Florida. HIFCAs also include the Mexican borders of Texas and\nArizona and San Juan, Puerto Rico. Generally, institutions located in a HIFCA receive more scrutiny\nfor BSA compliance than the institutions located outside a HIFCA, due to the elevated risk profile of the\nmarket area.\n\nThe DSC recognizes that an effective BSA supervisory approach must include a flexible\nresponse towards a financial institution\xe2\x80\x99s money laundering risk and the severity of the\ndeficiencies noted. Generally, institutions that operate within a HIFCA, have a large and diverse\ncustomer base (including high-risk businesses), transact a large volume of reportable\ntransactions, and are expected to have comprehensive BSA compliance programs. When those\nprograms are deficient, the DSC aggressively acts to effect immediate change within those\ninstitutions. Such responses generally involve a form of formal or informal enforcement action.\nEnforcement Actions Related to the BSA. The FDIC has the authority to take enforcement action\nrelated to BSA program problems. Enforcement actions are generally taken when bank\nmanagement willfully and knowingly neglects the BSA rules and/or is unresponsive to identified\nexamination weaknesses and apparent violations of the BSA or implementing rules. Enforcement\naction authority is granted by Section 8(s) of the FDI Act. While 8(s)(3) authorizes the FDIC to\nissue enforcement actions against institutions for BSA program problems and violations of law, the\nDSC has taken the position that this authority is discretionary and should be used judiciously.25\n\nWhen the DSC conducts BSA compliance examinations, weaknesses and apparent BSA\nviolations are documented in the report of examination and discussed with bank management\nand, if serious, the institution\xe2\x80\x99s board of directors. Generally bank management responds to\nidentified weaknesses during or shortly after the examination. In instances when corrections\n\n25\n   Excerpt from the Legal Division\xe2\x80\x99s analysis of Section 8(s) [see Exhibit I, Interpretation and Application of\nSection 8(s), dated March 12, 2004]: \xe2\x80\x9cSection 8(s)(3) applies to violations that demonstrate a flaw in the BSA\ncompliance procedures or program which are violations of Section 326.8(c) of the FDIC Rules and Regulations, 12\nC.F.R. 326.8(c), not to individual violations of the BSA or implementing regulations (such as isolated instances of\nmisfiling Currency Transaction Reports (\xe2\x80\x9cCTRs\xe2\x80\x9d) or Suspicious Activity Reports (\xe2\x80\x9cSARs\xe2\x80\x9d), or the failure to carry\nout a piece of an adequate written program). In addition, Section 8(s)(3)(B), with regard to previously reported\nproblems with the procedures, applies only to failures to correct problems identified previously with respect to the\nprocedures, not to chronologically successive violations that do not indicate that the procedures or program are\nflawed.\xe2\x80\x9d\n\n\n\n\n                                                         71\n                                     This Report Contains Confidential Information\n                    For Official Use Only                                   Restricted Information\n\x0c                                                                                                      APPENDIX IX\n                                      CORPORATION COMMENTS\n\n         Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\ndo not occur, and the DSC determines that a serious program flaw continues to exist, a more\naggressive supervisory action is taken. However, it should be noted that an isolated or\ntechnical problem or violation does not rise to the level of a serious program flaw; initiating\nan enforcement action in such cases would not be an effective manner to address those\nproblems.26 Consistent with the Legal analysis, the DSC\xe2\x80\x99s approach has been to\ndifferentiate between serious BSA program problems within an institution versus isolated\nand technical weaknesses. In practice, isolated and technical weaknesses can be addressed\nwithin the normal course of supervisory process.\n\nThe DSC believes a flexible supervisory approach using technical guidance, moral suasion,\nand a gradual escalation of enforcement action is appropriate. However, a more aggressive\nsupervisory approach is taken to effect correction when a greater risk for potential money\nlaundering exists within an institution and there is willful non-compliance of the BSA,\nabsence of a BSA program, and/or significant apparent violations of law.27 For example,\nfrom January 1, 1997, through September 30, 2003, FDIC institutions and IAPs were subject\nto 115 formal and informal enforcement actions that addressed deficiencies in compliance\nwith rules implementing the BSA. These actions, in whole or in part, address criticisms and\napparent violations cited in reports of examination. These actions consist of the following:\n\n     \xe2\x80\xa2    Bank Board Resolutions (\xe2\x80\x9cBBR\xe2\x80\x9d) require the institution\xe2\x80\x99s board of directors to draft a\n          written response addressing weaknesses cited in FDIC reports of examination and present\n          this document to the FDIC for notification.\n\n     \xe2\x80\xa2    Memorandums of Understanding (\xe2\x80\x9cMOU\xe2\x80\x9d) serve as a written agreement between the\n          institution\xe2\x80\x99s board of directors and the FDIC, on specific weaknesses cited in reports of\n\n\n26\n   Excerpt \xe2\x80\x93 \xe2\x80\x9cMoreover, a different procedural or program flaw in each of two consecutive examinations of a bank\nwould not, in our opinion, constitute a \xe2\x80\x9crepeat\xe2\x80\x9d violation by the bank. Therefore, many problems under and\nviolations of Section 326.8 do not fall within the scope of Section 8(s) regardless of the interpretation of the term\n\xe2\x80\x9cshall\xe2\x80\x9d in Section 8(s).\xe2\x80\x9d\n27\n   Excerpt -\xe2\x80\x9cThe absence of a mandate to bring a cease and desist action to address every violation of Section 8(s)\nor the regulations does not imply that the alternative is to take no action. To the contrary, the statutory intent must\nbe to take an appropriate corrective action based upon the severity of the problem, the risks it poses, and the bank\xe2\x80\x99s\nwillingness to comply expeditiously. For example, where there is a repeat procedural problem identified during an\nexamination but it is immediately corrected by management, there is no need for a cease and desist order to achieve\ncorrection. Similarly, if correction immediately after an examination is assured either by an informal MOU or\notherwise, there is no need for an order. In addition, where correction is mandated or obtained by a cease and\ndesist order issued under section 8(b) as part of an overall correction program for BSA and other violations no\nother or separate action under section 8(s) is necessary. This has been the FDIC\xe2\x80\x99s practice, and we believe it\ncomports with the intent of the statute.\xe2\x80\x9d\n\n\n\n\n                                                          72\n                                      This Report Contains Confidential Information\n                     For Official Use Only                                   Restricted Information\n\x0c                                                                                                  APPENDIX IX\n                                  CORPORATION COMMENTS\n\n       Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\n        examination that include cited apparent violations and systematic weaknesses in\n        compliance efforts.\n\n   \xe2\x80\xa2    Orders include provisions/requirements from the FDIC to the institution\xe2\x80\x99s board of\n        directors and senior management, which require the institution, or IAPs, to cease and\n        desist from activities that weakened the institution\xe2\x80\x99s BSA compliance program. Orders\n        also include the removal or prohibition of individuals from further participation with\n        insured institutions.\n\nThe type of enforcement action pursued by the DSC against an institution or IAP is directly\nrelated to the severity of the offense, management\xe2\x80\x99s willingness and ability to effectively\nimplement corrective action, as well as the extent to which the program has failed to identify\nand/or deter potential money laundering. Additionally, the nature of the criticism, the response\nto prior weakness or violation notifications and the overall risk profile of the institution are\nfactored into the type of supervisory action, as well as any determination to assess civil money\npenalties. When weaknesses are identified at institutions that have a high BSA risk profile, such\nas those located within a HIFCA, the DSC has been aggressive in taking supervisory action.\nFormal actions taken against institutions that operate within HIFCAs represent more than half of\nthe total actions taken over the audit timeframe.\n\nFormal actions have generally been imposed on institutions or IAPs where the activities of the\nindividuals, or inaction, are so negligent that the bank has allowed or has significantly increased\nits exposure to potential money laundering activities. Supervisory enforcement actions taken\nsince 1997 includes several Section 8(e) Orders of Prohibition from Further Participation\nagainst IAPs that not only failed to establish effective compliance programs within their\ninstitutions, but also actively engaged in activities that intentionally violated governing rules\nimplementing the BSA. Also included within the summary of enforcement actions for this time\nperiod are Section 8(b) Orders to Cease & Desist against institutions that failed to establish\nadequate compliance programs that effectively identify and report potential money laundering\nactivities. In many cases, the bank deficiencies and apparent violations were so egregious and\ndemonstrated such a blatant disregard for compliance with the BSA, that civil money penalties\nwere assessed (one in the amount of $7,500,000). While these actions demonstrate the diligence\nof the DSC to effect immediate change when necessary, the DSC has also effectively utilized\ninformal actions to strengthen the compliance efforts of its supervised institutions.\n\nInformal actions against institutions and IAPs remain the FDIC\xe2\x80\x99s most effective tool in creating\nan environment within the banking industry to identify and deter potential money laundering\nactivity in institutions where significant weaknesses have been identified. BBRs and MOUs\nprovide the written notice to bank management and boards of directors that significant\n\n\n\n\n                                                      73\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0c                                                                                                  APPENDIX IX\n                                  CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\ndeficiencies exist within BSA compliance programs; BBRs and MOUs also establish the\nmechanism for corrective action. By establishing a written agreement and expedient timeframes\nfor correction, the FDIC has been able to strengthen the AML environment within certain of its\nsupervised institutions.\n\nIncluded within the total number of enforcement actions are several cases in which the FDIC has\ntaken targeted and aggressive action against the board of directors and senior management of\ncertain institutions that had substantially ineffective BSA compliance program policies and\nprocedures in place. Some of these cases are discussed more fully below.\n\nIndividual Enforcement Action Cases. The following case descriptions demonstrate that the\nDSC takes aggressive, appropriate measures when the risk for potential money laundering and\nserious BSA program problems exist.\n\nForeign-owned, state non-member bank and its Federally-insured foreign branches.\n\nAt the time of this enforcement action, the institution operated four separately chartered foreign\nbranches and a state non-member institution. In 2002, one branch was subject to a Section 8(p)\nOrder to Terminate Deposit Insurance, as it was not engaged in the business of receiving deposits\n(other than trust funds). Also, in 1994, the state non-member institution and its affiliates\nconsented to the issuance of a Section 8(b) Order to Cease & Desist for operating in violation of\nFDIC Rules and Regulations that implement Treasury\xe2\x80\x99s rules for BSA compliance. The Order\nrequired the prompt correction of numerous significant violations resulting from an inadequate\nBSA compliance program. The Order was terminated in 1995. All of these entities operate\nwithin HIFCAs.\n\nA 2001 examination of the foreign branches, conducted concurrently by the FDIC, Federal\nReserve Bank (\xe2\x80\x9cFRB\xe2\x80\x9d), and a state banking department, identified a number of deficiencies and\nviolations, including significant BSA compliance weaknesses. The deficiencies cited at the\nbranches and agencies of the foreign branches did not include the state non-member institution,\nwhich was the subject of the previous enforcement action taken in 1994 and terminated in 1995\n(see paragraph above). Additionally, subsequent to the deficiencies noted at the 2001\nexamination of the foreign branches, the FDIC initiated a targeted BSA examination of the state\nnon-member institution. The examination concluded that the state non-member institution had\nmaintained an effective BSA compliance program.\n\nAppropriate guidelines at these branches are considered vital since its operations are considered\nto be high-risk for AML purposes, due to the large volume of wire transfer activity and U.S.\ndollar-denominated checks purchased by customers at the 700 domestic and foreign branches.\n\n\n\n\n                                                      74\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0c                                                                                                   APPENDIX IX\n                                   CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nAs a result of the high-risk profile of the institution and the severity of these problems, including\nthe repetitive nature of the BSA-related deficiencies, the supervising agencies jointly issued, in\n2001, a Section 8(b) Order to Cease & Desist and assessed a civil money penalty against the\nbranches. However, the state non-member institution was not made a part of those formal\nactions.\n\nState non-member institution and two principals, individually\n\nIn this instance, the state non-member institution is located in a HIFCA. In 2003, the former\npresident and director, stipulated to the issuance of an Order of Prohibition from Further\nParticipation. The Order resulted from discovery of activities conducted by the former president\non behalf of a family member and a former bank director, which were in violation of the BSA.\nSpecifically, the individual, while serving as bank president willfully and repeatedly engaged in\nthe structuring of cash transactions to avoid reporting requirements and attempted to conceal\nthose activities. This matter was discovered by bank staff in 2001, which prompted a FDIC\nvisitation and ultimately a full-scope BSA examination, which was jointly conducted by the\nFDIC and the state banking authority. The individual resigned from the bank in 2002.\n\nThe full-scope BSA examination conducted in 2002, identified numerous deficiencies in policies\nand procedures relating to BSA compliance. In 2003, the FDIC and state regulator jointly issued\na Section 8(b) Order to Cease & Desist, which was primarily a result of the significant\nweaknesses in the bank\xe2\x80\x99s BSA compliance program, including numerous violations of law.\n\nThe FDIC also pursued a Section 8(e) action against a former bank director for participation in\nstructuring cash transactions to avoid reporting requirements. In 2004, the individual executed a\nStipulation and Consent to the Issuance of an Order of Prohibition.\n\nFederally-insured foreign branches\n\nIn this example, a foreign bank had two United States Federally-insured foreign branches, both\nof which are located in HIFCAs. Targeted BSA examinations of both branches were conducted\nin 1999. These visitations identified significant weaknesses in the branch policies and practices\nrelated to BSA compliance, including numerous apparent violations of the rules implementing\nthe BSA. The FDIC issued a Section 8(b) Order to Cease and Desist in 2000, against both\nbranches.\n\nFinCEN assessed a Civil Money Penalty for failure to comply with the reporting and\nrecordkeeping requirements of the BSA. Additionally, the branches\xe2\x80\x99 failure to comply with\n\n\n\n\n                                                       75\n                                   This Report Contains Confidential Information\n                  For Official Use Only                                   Restricted Information\n\x0c                                                                                                  APPENDIX IX\n                                  CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\ncurrency transaction report (\xe2\x80\x9cCTR\xe2\x80\x9d) filing requirements exposed the entities to elevated risk of\npossible money laundering activities.\n\nState-chartered savings bank and insider, individually\n\nIn 2000, the former president and chief executive officer of the institution, stipulated to the\nissuance of a Section 8(e) Order of Prohibition from Further Participation. The Order resulted\nfrom discovery of activities by the respondent which were in violation of the BSA. Specifically,\nthe individual, while serving as president and chief executive officer of the bank, willfully and\nrepeatedly engaged in the structuring of cash deposits on behalf of a bank customer and\nattempted to conceal these activities. This matter was discovered internally by the bank BSA\nofficer. The former president and chief executive officer was removed from banking industry in\n2001.\n\nState non-member institution and two insiders, individually\n\nThis state non-member institution is located in a HIFCA. The institution stipulated to a Section\n8(b) Order to Cease & Desist in 2002, as a result of the poor financial condition and weak\nmanagement of the institution as detailed in a 2002 Report of Examination. While under the\nexisting Order, the FDIC and state banking regulator conducted a joint examination in 2003.\nDuring that examination problems were identified in the institution\xe2\x80\x99s BSA compliance program,\nincluding a number of apparent violations related to poor program controls, as well as suspected\nillicit activities of the former president and chief executive officer and former chief lending\nofficer. The apparent violations included structuring currency transactions to avoid reporting\nrequirements, directing bank staff not to file required CTRs and facilitating check kiting and\nmoney laundering by bank customers.\n\nState non-member institution\n\nThis state non-member institution is located in a HIFCA. Findings documented in the 1998\nFDIC visitation report relate to the institution\xe2\x80\x99s inadequate BSA compliance efforts, significant\nweaknesses in policies and practices, and numerous apparent violations of the rules\nimplementing the BSA. As a result of the weaknesses identified at the visitation and the\nrepetitive pattern of apparent violations, the FDIC issued a Section 8(b) Order to Cease and\nDesist. The institution implemented acceptable and appropriate corrective actions, and the Order\nwas terminated in 2000.FinCEN assessed a civil money penalty for deficient BSA compliance\nprocedures and failure to comply with suspicious activity report (\xe2\x80\x9cSAR\xe2\x80\x9d) filing requirements.\n\n\n\n\n                                                      76\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0c                                                                                              APPENDIX IX\n                              CORPORATION COMMENTS\n\n Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\n\nTable 1                Summary of Individual Enforcement Action Case Activity\n\n          Institution Name                  Enforcement            Effective         CMP Assessed\n                                            Action Type              Date\nForeign-owned, state non-member                     8(b)                 2001                     Yes\nbank and affiliated Federally-                      8(b)                 1994                    None\ninsured foreign branches\nState non-member institution and                 8(b); 8(e);               2003                  None\ntwo principals, individually                            8(e)               2004\n\nFederally-insured foreign                                8(b)              2000                   Yes\nbranches\nState-chartered savings bank and                         8(e)              2000                  None\ninsider, individually\nState non-member institution and                         8(b)              2003                  None\ntwo insiders, individually\n\nState non-member institution                             8(b)              1998                   Yes\n\n\n\n\n                                                  77\n                              This Report Contains Confidential Information\n             For Official Use Only                                   Restricted Information\n\x0c                                                                                                     APPENDIX IX\n                                     CORPORATION COMMENTS\n\n       Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nREFINING SUPERVISORY STRATEGIES\n\nThe FDIC is proactive in the development and implementation of measures to comply with the\nUSA PATRIOT Act and combat money laundering and terrorist financing. One fundamental\nactivity has been participation in numerous interagency working groups formed for the purpose\nof drafting risk-based revisions to the BSA, as required by the USA PATRIOT Act, and\ndeveloping interpretive guidance for the financial services community. The DSC has\nparticipated in the following working groups, which were established for the following Sections\nof the USA PATRIOT Act:\n\xe2\x80\xa2    311- Special Measures for Jurisdictions, Financial Institutions, or International Transactions of\n     Primary Money Laundering Concern\n\xe2\x80\xa2    312 -Special Due Diligence for Correspondent Accounts and Private Banking Accounts\n\xe2\x80\xa2    313/319- Prohibition on United States Correspondent Accounts with Foreign Shell Banks and\n     Forfeiture of Funds in United States Interbank Accounts\n\xe2\x80\xa2    314-Cooperative Efforts to Deter Money Laundering\n\xe2\x80\xa2    324-Report and Recommendation (On Subtitle A- International Counter Money Laundering and\n     Related Measures of Title III of The Act)\n\xe2\x80\xa2    325-Concentration Accounts at Financial Institutions\n\xe2\x80\xa2    326-Verification of Identification\n\xe2\x80\xa2    327-Consideration of AML Record\n\xe2\x80\xa2    352-AML Programs\n\nIn accordance with the provisions of the USA PATRIOT Act and through cooperation with other\nregulatory partners, the DSC revised the BSA Examination Procedures28 to establish guidance\nfor reviewing AML and counter-terrorist financing (\xe2\x80\x9cCTF\xe2\x80\x9d) compliance programs. This\nguidance was released to examiners on August 15, 2003, and to the banking community on\nOctober 17, 2003. The DSC is currently updating the Division\xe2\x80\x99s Manual of Examination\nPolicies to incorporate relevant provisions of the USA PATRIOT Act, augment the OFAC\nguidance, and update a variety of other sections. Furthermore, the DSC continues to work with\nother bank supervisors, including the many State authorities that comprise the Conference of\nState Bank Supervisors (\xe2\x80\x9cCSBS\xe2\x80\x9d), in issuing both examiner and industry guidance.\n\n\n28\n  When the DSC released the augmented examiner guidance to the banking industry in October 2003, it was slightly\ndifferent than the guidance released by the FRB, OCC, and NCUA. Although the revised guidance was a result of\ninteragency efforts, there is one notable difference. The other agencies released guidance for only Sections 313/319\nand 314 of the USA PATRIOT Act. Our examination guidance is comprehensive and covers all of the newly issued\nrules required by the USA PATRIOT Act. Given the importance of the Customer Identification Program rule as a\ngatekeeper to prevent money launderers and terrorists from having access to U.S. banks, we believed it was\nnecessary that examiners have guidance to review compliance with this rule as soon as possible.\n\n\n\n\n                                                         78\n                                     This Report Contains Confidential Information\n                    For Official Use Only                                   Restricted Information\n\x0c                                                                                                  APPENDIX IX\n                                  CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nAdditionally and in relation to potential money laundering or terrorist financing threats, the DSC\nchanged the application review program to consider prohibitions against certain types of\nrelationships with financial institutions, particularly foreign shell banks. The DSC has amended\nthe Statement of Policy on Bank Merger Transactions to consider the effectiveness of any\ninsured depository institution involved in a proposed merger transaction in combating money\nlaundering activities, including in overseas branches.\n\nTo help facilitate cooperation with law enforcement authorities in their ongoing investigation of\nterrorist activities through the implementation of Section 314(a) of the USA PATRIOT Act, the\nDSC worked with the other federal banking agencies to add emergency contact and Section\n314(a) POC information to the Consolidated Reports of Condition and Income (\xe2\x80\x9cCall Report\xe2\x80\x9d).\nThe POC line item ensures that the information is current and updated quarterly. The FDIC is\nthe first among the banking regulators to automate the process that provides the most current\nPOC information to FinCEN, who in turn distributes Section 314(a) name search requests to\nfinancial institutions. Also, with respect to Section 314(a) banker POC data, in 2004 the FDIC\nwill function as the liaison between FinCEN and the OCC.\n\nIndustry Outreach. The DSC has already taken steps to educate field staff and members of the\nbanking industry on USA PATRIOT Act and BSA compliance rules at training conferences,\nseminars, Directors\xe2\x80\x99 Colleges, and FDIC-sponsored training courses. In 2003 alone, FDIC staff\ndiscussed AML issues at approximately 130 different venues.\n\nThe DSC also implemented a written form of communication to distribute AML guidance to the\nbanking industry through Financial Institution Letters (\xe2\x80\x9cFILs\xe2\x80\x9d). The FDIC issues FILs\naddressing AML measures as well as lists of Specifically Designated Nationals and Blocked\nPersons and Specifically Designated Global Terrorists. Since 2002, the DSC has issued 16 FILs\naddressing BSA compliance and AML measures. These FILs provide bankers with guidance on\ntopics such as: customer due diligence and detecting terrorist activity; rule changes and required\nBSA forms, including changes related to the USA PATRIOT Act; and SAR Reviews, which are\nprepared and issued by FinCEN. Since 2002, the DSC has also issued 68 FILs notifying the\nbanking industry of changes to the OFAC list of terrorists and specially designated nationals.\n\nFurthermore, the DSC\xe2\x80\x99s Manual of Examination Policies as well as examination procedures were\nmade available to bankers via the FDIC\xe2\x80\x99s external website. The DSC is in the process of\nincorporating BSA, AML, and CTF guidance on the FDIC\xe2\x80\x99s external website.\n\n\n\n\n                                                      79\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0c                                                                                                   APPENDIX IX\n                                   CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nGlobal Counter-Terrorist Financing Initiatives and Technical Assistance. The DSC believes\nthat strong governance of foreign banking programs contributes to the stability of foreign\neconomies, enhances trade opportunities for U.S. companies, and reduces opportunities for\nmoney laundering. Therefore, the DSC actively participates in working groups and technical\nassistance missions sponsored by the Departments of State and Treasury to assess vulnerabilities\nto terrorist financing activity worldwide and to develop and implement plans to assist foreign\ngovernments in the enforcement efforts directed towards financial crimes. To facilitate its\ncommitment to these assignments, the FDIC established a twenty-two member task force\ncomprised of examiners and attorneys that have received specialized AML and CTF training.\n\nIn 2002, the FDIC provided AML technical assistance and CTF training to the governments of\nthe Republic of Marshall Islands, Fiji, and Pakistan. Also in 2002, FDIC\xe2\x80\x99s staff met with\nsupervisory and law enforcement representatives, senior prosecutors, and financial intelligence\nunit directors from Brazil, St. Lucia, Dominica, Barbados, St. Vincent and the Grenadines,\nAntigua, Grenada, Chile, and Russia. Another foreign-directed BSA training program was held\nby the FDIC for representatives from Germany, Armenia, Venezuela, Bosnia and Herzegovina,\nSerbia, Bulgaria, Hungary, Canada, Estonia, Hong Kong, China, Indonesia, Japan, Thailand,\nCzech Republic, Mozambique, and Turkey.\n\nIn 2003, FDIC experts participated in technical assessment missions to Bangladesh, the Republic\nof Palau, Macau, China, and Panama and also provided AML and CTF training to regulators\nfrom Bahrain, Egypt, Jordan, Pakistan, Qatar, Saudi Arabia, Panama, Brazil, Argentina,\nParaguay, Venezuela, Thailand, Malaysia, Philippines, and Indonesia. Also, in 2003, FDIC met\nwith supervisory representatives from Anguilla, Antigua, Armenia, Aruba, Austria, the Bahamas,\nBarbados, Barbuda, Belize, Brazil, British Virgin Islands, the Cayman Islands, Dominica,\nEstonia, Grenada, Guyana, Haiti, Italy, Jamaica, Montserrat, Netherlands Antilles, Poland,\nRussia, St. Kitts and Nevis, St. Lucia, St. Vincent and the Grenadines, Suriname, Taiwan,\nTrinidad and Tobago, and the Turks and Caicos Islands. In addition, the FDIC provided training\nto central bankers from Korea, Nigeria, and Bahrain on AML and the USA PATRIOT Act. In all\ncases, the visitors were very interested in the FDIC\xe2\x80\x99s AML examination programs and our\nprogress in implementing the USA PATRIOT Act provisions.\n\nAlso, the FDIC has participated in a number of meetings with the FATF on developing anti-\nmoney laundering recommendations, including the October 2001 extraordinary plenary held in\nWashington, D.C. This plenary developed several anti-terrorist funding recommendations that\nare currently used as standards by the international community when assessing a country\xe2\x80\x99s\nvulnerabilities to terrorist funding and the adequacy of the measures it has in place to curtail such\nactivity. The FDIC continues to participate in FATF\xe2\x80\x99s WGTF through interagency meetings\nheld at the Treasury.\n\n\n\n\n                                                       80\n                                   This Report Contains Confidential Information\n                  For Official Use Only                                   Restricted Information\n\x0c                                                                                                  APPENDIX IX\n                                  CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\n\nFurthermore, through participation on the Basel Committee, the FDIC has been involved in the\ndecision-making process that led to the approval and issuance of a number of international\nguidelines on money laundering. For example, the DSC participated in the decision-making\nprocess of the Basel Committee in reviewing the \xe2\x80\x9cKnow Your Customer\xe2\x80\x9d risk management\nreport and evaluated the progress report on jurisdictions with cross-border banking impediments.\n\nDomestic Anti-Money Laundering and Counter-Terrorist Financing Initiatives. For many years,\nthe DSC has worked with the Treasury, FinCEN and the other banking agencies in setting\ninternational standards, developing policies, and implementing best practices to combat money\nlaundering and more recently, terrorist funding, as part of the United States AML regime. For\nexample, the Money Laundering Suppression Act of 1994 required the agencies, in consultation\nwith the Treasury and appropriate law enforcement agencies, to review and enhance their\nprocedures to better evaluate financial institutions\xe2\x80\x99 programs to identify money laundering\nschemes involving depository institutions. This statute led to an interagency project to revise\nexamination procedures. Since then, the DSC continues to work with the other federal and state\nbanking agencies to issue risk-focused examination procedures designed to evaluate a financial\ninstitution\xe2\x80\x99s AML program and compliance with the BSA and rules implementing the USA\nPATRIOT Act.\n\nSince 1999, the DSC has participated in the Steering Committee to oversee the implementation\nof the National Money Laundering Strategy, an annual effort led by the Departments of Justice\nand Treasury. The interagency effort was required by the Money Laundering and Financial\nCrimes Strategy Act of 1998. The DSC works with each of the sub-groups charged with\naddressing the Strategy\xe2\x80\x99s action items related to the supervision of financial institutions. The\nDSC also participates in a workgroup to draft the \xe2\x80\x9cInternational Narcotics Control Strategy\nReport,\xe2\x80\x9d which is the Department of State\xe2\x80\x99s annual report on illicit drug-control and money\nlaundering activities.\n\nFinally, another of the DSC\xe2\x80\x99s proactive efforts to ensure that examiners can better identify\nmoney laundering schemes is our participation in the planning and development of AML training\nfor examiners that is sponsored by the Federal Financial Institutions Examination Council\n(\xe2\x80\x9cFFIEC\xe2\x80\x9d).\n\n\nOVERALL ASSESSMENT OF DSC SUPERVISORY APPROACH\n\nThe DSC agrees that a vigilant BSA supervisory program requires that appropriate supervisory\nactions be taken to support compliance with Treasury and FDIC guidance. Our supervisory\n\n\n\n\n                                                      81\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0c                                                                                                  APPENDIX IX\n                                  CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nprocesses are risk focused and designed to correlate our efforts to areas of risk, thereby\ndeploying appropriate emphasis across a continuum of low- to high-risk areas. Thorough\nexaminer assessment and our internal supervisory reviews are critical to these determinations.\nThe DSC is committed to proactive, vigilant, and effective examination processes to monitor and\nmitigate risks in the institutions we supervise. The DSC continues to assess potentially high-risk\nsituations, through onsite and offsite examination programs, and is confident that our supervision\nof such situations is effective and efficient.\n\nOverall, the DSC has been responsive to the intent of the BSA by establishing a comprehensive\nsupervisory approach, which includes conducting BSA compliance examinations and ensuring\nan appropriate supervisory approach when BSA concerns exist in FDIC-supervised institutions.\nAdditionally, the DSC has been proactive in addressing recent changes to the BSA by being an\nactive participant in the USA PATRIOT Act rulemaking process, incorporating those rules into\nexaminer and industry guidance, providing various forms of examiner and industry training and\noutreach sessions, and assisting in global AML and CTF efforts.\n\n\n\n\n                                                      82\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0c                                                                                                   APPENDIX IX\n                                   CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nAPPENDIX A: OIG AUDIT OF DSC\xe2\x80\x99S BSA\n\nThe FDIC OIG conducted an audit concerning the BSA. The draft audit report Supervisory Actions\nTaken for Bank Secrecy Act Violations was issued February 20, 2004. The objective of the audit is to\ndetermine whether FDIC adequately follows up on BSA violations reported for FDIC-supervised\nfinancial institutions, to ensure the institutions take appropriate corrective action. The OIG\xe2\x80\x99s\nsample for the audit consisted of a large percent (63 percent) of banks that are not located in\nMSAs. Statistically, FDIC-supervised financial institutions are located in more rural areas.\nAdditionally, in these non-MSA institutions, management and staff have considerably more\nknowledge of the customer base, and therefore a significantly reduced risk of money laundering\nexists.\n\nAppendix A provides an evaluation of institutions in the OIG\xe2\x80\x99s sample, wherein the OIG\ndetermined that the DSC did not have adequate follow-up29 to the violations and criticisms cited\nin the sampled reports of examination (see Table 2). Each Regional Office (\xe2\x80\x9cRO\xe2\x80\x9d) provided an\nanalysis of the supervisory approach taken regarding each of the criticized institutions. The\nfollowing analysis discusses the OIG\xe2\x80\x99s concern(s), the supervisory approach to the criticized\nissues, and an overall conclusion of the supervisory approach. This analysis also considers each\ninstitution\xe2\x80\x99s BSA risk coupled with the supervisory approach.\n\nData on Table 2 represents: (a) the 43 institutions in the OIG\xe2\x80\x99s original sample (two\ninstitutions30 were removed from the OIG sample); (b) limited supervisory data;\n(c) asset-ranges; (d) the OIG\xe2\x80\x99s assessment of the DSC\xe2\x80\x99s supervisory approach to each\ninstitution\xe2\x80\x99s situation (the OIG determined that an adequate follow-up process should occur with\n12 months, and as part of that process the DSC should issue an enforcement action for repeat\nviolations); and (e) the DSC\xe2\x80\x99s evaluation of its supervisory approach related to each institution.\nFor the 17 institutions where the OIG determined that DSC had an adequate follow-up process\n(2, 4, 6, 7, 10, 13, 15, 16, 18, 22, 28, 29, 31, 32, 35, 36, and 38), no further analysis is provided.\nHowever, for the 24 institutions where the OIG determined that DSC did not have an adequate\nfollow-up process, a comprehensive evaluation of DSC\xe2\x80\x99s supervisory approach is documented.\nAdditionally, there is an analysis regarding the supervisory approach taken for the two\ninstitutions eliminated from the sample since those institutions were categorized as having an\ninadequate follow-up process by the OIG in January 2004: the two institutions were\nunexpectedly removed from the sample during the DSC analysis phase.\n\n\n29\n  Adequate follow up as described by the OIG must occur within 12 months.\n30\n  Two institutions were removed from the OIG\xe2\x80\x99s sample in January 2004. The reason(s) for the\nremoval is unknown.\n\n\n\n\n                                                       83\n                                   This Report Contains Confidential Information\n                  For Official Use Only                                   Restricted Information\n\x0c                                                                                                  APPENDIX IX\n                                  CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nThe DSC\xe2\x80\x99s assessment of its supervisory program is that appropriate corrective measures were\ntaken with all institutions in the sample. The DSC\xe2\x80\x99s findings of the sampled institutions is that in\nthe vast majority (38 of 41, or 92.7 percent) of instances, the DSC responded expeditiously while\nincorporating the sufficient response time for bank management to correct identified problems.\nIn serious cases where bank management willfully neglected BSA rules or was unresponsive to\nregulatory criticism and guidance, or when the DSC identified insider abuse, enforcement action\nwas taken. The assessment of the OIG\xe2\x80\x99s sample confirms the DSC\xe2\x80\x99s effective supervisory\napproach regarding FDIC-supervised institutions\xe2\x80\x99 compliance with the BSA. However, the DSC\nrecognizes that in three of the 41 (7.3 percent) institutions, a more expeditious response should\nhave occurred.\n\nNone of the OIG\xe2\x80\x99s sampled institutions have money laundering problems, reputational risk\nrelated to the BSA, or increased safety and soundness risk to the institution. Rather, most of the\ninstitutions had internal weaknesses that could be easily strengthened, addressed, and corrected\nby management and monitored with the normal supervisory approach employed by the DSC.\n\nThe OIG sample did not target geographic concentrations of higher money laundering risk, or\ninstitutions where money laundering has been suspected or detected. The OIG also did not look\nat supervisory actions taken in instances of serious BSA program deficiencies, analyze the risk\nfor money laundering in the sample institutions, have discussions with examiners, or assess the\nBSA examination process.\n\nThe map inserted on page 19 (the map has been removed from this document to protect the\nidentities of the OIG-sampled institutions) displays the OIG\xe2\x80\x99s sampled institutions delineated\nbetween metropolitan areas, non-metropolitan areas, and HIFCAs (to show geographic areas of\nhigh-risk in regard to potential money laundering). Only two of the 41 financial institutions\nincluded in the OIG audit sample are located within HIFCAs. Additionally, the map inserted on\npage 20 (the map has been removed from this document to protect the identities of the OIG-\nsampled institutions) shows institutions identified by the OIG as having inadequate follow-up.\n\nThe DSC closely monitors and escalates its supervisory approach, as necessary, for institutions\nlocated in HIFCAs and other metropolitan areas as well as institutions that have a high volume of\nreportable transactions. Based on our review of the seven-year audit period, the majority of\nformal enforcement actions taken by the FDIC against financial institutions and individuals\noccurred in HIFCAs, which, in our opinion, supports the designation of such areas.\n\n\n\n\n                                                      84\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0c                                                                                           APPENDIX IX\n                           CORPORATION COMMENTS\n\n                                  Table\nInternal Assessment of DSC\xe2\x80\x99s Program    2 aluate Bank Compliance with the BSA.\n                                     to Ev\n\n\n\n\n                                               85\n                           This Report Contains Confidential Information\n          For Official Use Only                                   Restricted Information\n\x0c                                                                                           APPENDIX IX\n                           CORPORATION COMMENTS\n\nInternal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\n                          This page is intentionally left blank.\n\n\n\n\n                                               86\n                           This Report Contains Confidential Information\n          For Official Use Only                                   Restricted Information\n\x0c                                                                                           APPENDIX IX\n                           CORPORATION COMMENTS\n\nInternal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\n                          This page is intentionally left blank.\n\n\n\n\n                                               87\n                           This Report Contains Confidential Information\n          For Official Use Only                                   Restricted Information\n\x0c                                                                                                     APPENDIX IX\n                                     CORPORATION COMMENTS\n\n       Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\n\n                                            OIG Bank Sample\n\nInstitution #1                                                           Low BSA Risk\n\n    Year           Total            Rating                      BSA Violations (#)\n                   Assets\n                  ($ Million)\n     2003          $101 - $125 Highly Rated        (1)-Inadequate controls/326.8(b)\n     2002           $51 - $100 Highly Rated        (1)-Independent testing/326.8(c)(2)\n     2000           $51 - $100 Highly Rated        (1)-Independent testing/326.8(c)(2)\n     1999           $51 - $100 Highly Rated        NA\n     1997           $51 - $100 Highly Rated        None\n State performs review of prior BSA violations.\n\nOIG Concerns:\nOIG indicated the following concern from the 2000 examination.\n\n        1. Independent testing of BSA had not been performed by bank personnel, consultants,\n           or external auditors. Bank management agreed to have testing performed in 2000.\n           Follow-up by the state examiners during the 2002 examination indicated that the bank\n           was still in violation and had not performed independent BSA testing. Report of\n           Examination (\xe2\x80\x9cROE\xe2\x80\x9d) dated 2003, does not specifically address independent BSA\n           testing.\n\nOIG indicated the following concern from the 2003 examination.\n\n        2. Examiners found 25 cases totaling $225,000 where cash withdrawals from checking\n           accounts were just below $10,000. Bank management agreed to review large cash\n           items, continue to monitor this account, and comply with the provisions of the BSA.\n\nSupervisory Actions:\n1. A violation of Section 326.8 (c)(2) was cited at the 2000 FDIC examination for failure to\n   provide for an independent test of the bank\xe2\x80\x99s compliance with BSA. No other BSA\n   violations were cited. The ROE notes that BSA practices at the bank are adequate. The\n   interim president stated that the bank\xe2\x80\x99s external auditors would perform the test in 2000.\n\n    The bank\xe2\x80\x99s response letter to the ROE findings and transmittal letter, in\n\n\n\n\n                                                         88\n                                     This Report Contains Confidential Information\n                    For Official Use Only                                   Restricted Information\n\x0c                                                                                                     APPENDIX IX\n                                     CORPORATION COMMENTS\n\n       Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\n    2001, indicates that the bank\xe2\x80\x99s external auditors, had not yet conducted a BSA review but\n    would include a review as part of their audit.\n\n    The bank\xe2\x80\x99s external auditors had not reviewed BSA by the next examination, which was\n    conducted by the state. A violation of Section 326.8 (c) was cited in the state\xe2\x80\x99s 2002\n    examination for failure to provide for independent testing. The bank\xe2\x80\x99s auditors had\n    conducted a BSA review by the time of the next FDIC examination. The work papers for the\n    2003 FDIC examination include documentation of the bank\xe2\x80\x99s external auditor performing an\n    independent test of BSA at their audit in 2002.\n\n2. Bank management, in response to the ROE findings and transmittal letter, agreed to review\n   large cash items, continue to monitor these accounts, and comply with the provisions of the\n   BSA.\n\nAssessment of Follow-up Action:\nWhile Section 326.8(c) violations were cited at consecutive examinations, the violations were\nisolated and technical in nature and the overall BSA compliance program was considered\nadequate. Management obtained an independent review of the program prior to the subsequent\nFDIC examination; therefore, no additional follow-up supervisory action was necessary. Given\nthe bank\xe2\x80\x99s small asset size, rural location, low volume of reportable transactions, adequate\nmanagement, and no prior BSA supervisory concern, follow-up on management deficiencies\nwithin the regular examination cycle is considered appropriate.\n\nInstitution #3                                                                    Low BSA Risk\n\n   Date           Total             Rating                      BSA Violations (#)\n                  Assets\n                  ($Million)\n    2002           $126 - $150 Highly Rated        NA\n    2001           $101 - $125 Highly Rated        None\n    1999            $51 - $100 Highly Rated        NA\n    1998            $51 - $100 Highly Rated        (1)-Independent testing/326.8(c)(2)\n State performs review of prior BSA violations.\n\nOIG Concern:\nAdequate independent testing at the bank had not been conducted. This violation was also cited\nin the 1995 examination. Bank management assigned an independent employee at the bank to\nperform the testing.\n\n\n\n\n                                                         89\n                                     This Report Contains Confidential Information\n                    For Official Use Only                                   Restricted Information\n\x0c                                                                                                  APPENDIX IX\n                                  CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nSupervisory Actions:\n\nThe 1995 FDIC compliance examination of this $51 - $100 million bank cited violations of\nSections 326.8 (b) and (c)(2) for not having an adequate compliance program, due to a lack of\nindependent testing. The BSA officer was also responsible for reviewing the adequacy of the\nbank\xe2\x80\x99s compliance program. No other BSA exceptions were cited in the 1995 examination. The\nbank\xe2\x80\x99s 1995 response to the ROE transmittal letter states that management had reviewed the\nBSA policy and that the policy would be amended to include a system of independent testing for\ncompliance by bank personnel or by an outside party. The response also stated that the subject\nwas reviewed by the CPA firm that does the bank\xe2\x80\x99s directors\xe2\x80\x99 audit and that testing for\ncompliance will be included in their report to the directors.\n\nThe 1998 ROE again noted a violation of Section 326.8(c)(2) for lack of independent testing.\nThe examiners recognized independent testing by the bank\xe2\x80\x99s CPA, but the testing was conducted\nin the form of questioning employees regarding their knowledge of BSA. The method of testing\nwas not considered adequate independent testing. The ROE further notes that the bank president\ndesignated an employee, who was independent of the BSA function, during the examination to\nperiodically perform testing on an ongoing basis. No other BSA problems were noted.\n\nThe bank provided an audit report conducted by the bank\xe2\x80\x99s CPA firm in 1998, that stated that\nthey had: (1) reviewed the bank\xe2\x80\x99s policy; (2) noted that training sessions are conducted for all\nnew hires and annually for all staff; (3) that CTRs, the large items report, and the uncollected\nfunds reports are reviewed daily; (4) monthly internal audits of BSA compliance are conducted\nby formal reports; and (5) the CPAs had sampled CTRs filed in 1998 for completeness and\ntimeliness. The audit report findings stated that the BSA system appeared to ensure BSA\ncompliance.\n\nAssessment of Follow-up Action:\nBank management responded to and addressed the problem within four months of the 1995\nexamination. The repeat nature of the violation in the 1998 examination is not due to a lack of\ntesting, but to the thoroughness of testing. When identified during the 1998 examination, the\nbank again responded immediately during the examination. The bank also provided\ndocumentation from a CPA audit in 1998 (a copy was sent to the RO) confirming the form and\ntype of testing.\n\n\n\n\n                                                      90\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0c                                                                                                     APPENDIX IX\n                                     CORPORATION COMMENTS\n\n       Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\n\nInstitution #5 (\xe2\x80\x9cinactive\xe2\x80\x9d)                                                 Low BSA Risk\n  Date      Total Assets           Rating                       BSA Violations (#)\n                ($ Million)\n   1999           $101 - $125     Highly Rated     NA\n   1998            $51 - $100     Highly Rated     (8)- Improper exemption or limit/103.22(b),(c)\n State performs review of prior BSA violations.\n\nOIG Concern:\nFollow-up of apparent violations cited for inappropriate exemption limits in the\n1998 ROE exceeded 12 months.\n\nSupervisory Action:\nBank is INACTIVE. The bank had established inappropriate exemption limits for six exempted\ncustomers, as a result of a misinterpretation of the regulation. The violations were technical in\nnature involving CTRs and corrected at the examination. The issue of backfiling was referred to\nthe IRS. The IRS sent a letter in 1998 to the bank discussing the issue and did not require the\nbank to backfile the CTRs. The level of follow-up is appropriate for this type of violation. The\nbank was merged into another institution in 2000.\n\nAssessment of Follow-up Action:\nDuring the examination, management corrected the exemption limits and indicated that the IRS\nwould be contacted concerning backfiling of CTRs. Supervisory action was appropriate, given\nthe isolated and technical nature of the infractions, as well as the overall low-risk BSA profile of\nthe institutions.\n\nInstitution # 8                                                                   Moderate BSA Risk\n    Date          Total              Rating                       BSA Violations (#)\n                  Assets\n                 ($ Million)\n    2003          $51 - $100     Highly Rated      None\n    2002          $51 - $100     Highly Rated      None\n    2000          $51 - $100    Moderately Rated   (10)- Late CTR Filings/103.27(a);\n                                                   (1)- Inadequate controls/326.8(c)(1)\n     1999         $51 - $100      Low Rated        None\n     1998         $51 - $100 Moderately Rated (1)- Independent testing/326.8(c)(2)\n State does include BSA examination procedures within the scope of its regular examinations.\n\nOIG Concern:\nFollow-up did not occur within 12 months on violations and concerns noted in 1998 FDIC ROE.\n\n\n\n\n                                                         91\n                                     This Report Contains Confidential Information\n                    For Official Use Only                                   Restricted Information\n\x0c                                                                                                   APPENDIX IX\n                                   CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\n\nSupervisory Action:\nThe 1998 ROE cited apparent violations of Section 326.8(c)(2) for lack of independent testing of\nthe BSA compliance program. During the examination, bank management committed to\ncorrective action. The 1999 ROE from the state bank regulator cited numerous errors in CTRs,\nbut did not repeat the criticism of independent testing. Apparent violations of Sections\n103.27(a)(1) and 326.8(c)(1) were cited at the 2000 FDIC examination, due to numerous late\nfilings of CTRs and several deficiencies in the internal control structure of the bank.\nIndependent testing at the 2000 examination was deemed to be adequate. Due to the poor\nfinancial condition of the bank and pronounced management deficiencies noted in the 1999 state\nregulator ROE, the institution entered into a MOU. Provisions within the MOU did not specify\nBSA weaknesses; however, there was a provision requiring management to correct all violations\ncited within the ROE, which includes those cited for BSA. Substantial compliance was not\nnoted until the 2002 FDIC examination.\n\nBank Profile:\nBank is a $51-$100 million institution in a northeast state. The bank has experienced some\nproblems, indicated by the low rating assessed in 1999 and moderate rating as recently as the\n2000 examination. However, the institution was upgraded to highly rated in the 2002\nexamination. Bank management is currently highly rated. However, management has been rated\nmoderate or low at examinations dating back to 1996.\n\nThe bank is considered a moderate BSA risk due to overall management deficiencies within the\ninstitution, continued identification of weaknesses in the BSA compliance program, and\nexaminer discovery of potential transaction structuring at the 2000 and 2002 FDIC examinations.\nAs a result of the 1998 FDIC examination, the institution was more closely watched by the RO.\n\nAssessment of Follow-up Action:\nIn general, the DSC concurs with the OIG regarding the follow-up for this bank. The RO is\nunable to locate documentation supporting the actions taken to ensure the bank corrected\ndeficiencies noted in the 1998 ROE.\n\nA safety and soundness MOU was entered into as a result of the 1999 state examination;\nhowever, the state examination does not cite any BSA weaknesses, therefore, the MOU does not\naddress BSA. The apparent violations of BSA cited in the 2000 ROE address different program\nweaknesses than those cited in 1998 and are not considered repeat violations. As a result of the\nfindings from the 1998 examination, the institution was more closely watched by the RO.\n\nInstitution # 9                                                                 Moderate BSA Risk\n\n\n\n\n                                                       92\n                                   This Report Contains Confidential Information\n                  For Official Use Only                                   Restricted Information\n\x0c                                                                                                     APPENDIX IX\n                                     CORPORATION COMMENTS\n\n       Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\n\n   Date           Total           Rating                           BSA Violations (#)\n                  Assets\n                ($ Million)\n    2002        $101 - $125     Highly Rated   (12)- Instruments Log/103.29(a);\n                                               (4)- CTR filing errors/103.27(d);\n                                               (4)- Late CTR filings/103.27(a);\n                                               (3)- Exemption/103.22(d)(5)(i);\n                                               (1)- Identification procedures/ 103.28\n    2000          $51 - $100 Highly Rated NA\n    1999          $51 - $100 Highly Rated None\n    1997          $51 - $100 Highly Rated NA\n State conducts limited-scope follow-up on banks\xe2\x80\x99 corrective actions to address violations cited at prior\n FDIC examinations.\n\nOIG Concern:\nThe OIG cited concerns over supervisory follow-up for violations cited at the 2002 examination.\nAll of the violations noted at this examination were attributed to errors in CTR filings.\n\nSupervisory Action:\nThe violations were largely attributed to errors in completing the CTR form completely and\nwithin the 15-day reporting requirement. Failures to record the sale of monetary instruments\nover $3,000 also resulted in apparent violations. The examiners discussed these issues with bank\nmanagement during the examination and received a commitment to implement corrective action,\nincluding increased training and expanded review process.\n\nAssessment of Follow-up Action:\nGiven the BSA history of the bank, management\xe2\x80\x99s responsiveness to BSA deficiencies, small\nasset size, rural location, and adequate management, supervisory follow-up that consists of\nreview at the next examination is considered appropriate.\n\n\n\n\n                                                         93\n                                     This Report Contains Confidential Information\n                    For Official Use Only                                   Restricted Information\n\x0c                                                                                                     APPENDIX IX\n                                     CORPORATION COMMENTS\n\n       Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\n\nInstitution # 11                                                                  Low BSA Risk\n\n   Date          Total            Rating                       BSA Violations (#)\n                 Assets\n                ($ Million)\n    2002          $51 - $100    Highly Rated   NA\n    2001          $51 - $100    Highly Rated   None\n    1999          $51 - $100    Highly Rated   NA\n    1998           $26 - $50    Highly Rated   (6)- CTR filing/103.22(a);\n                                               (1)- Improper exemption or limit/103.22(b),(c);\n                                               (1)- Inadequate controls/326.8(b)\n The state does not examine for BSA or provide meaningful follow-up on FDIC violations.\n\nOIG Concern:\nThe OIG\xe2\x80\x99s draft report cited concern over FDIC supervisory follow-up of apparent violations\ncited within the 1998 ROE.\n\n    1. Bank president stated repeat violations will not occur and that the BSA program is being\n       delegated to a vice president who has a good working knowledge of these regulations.\n    2. The ROE states that violations of Section 103.22(b) and (c) are a repeat from the 1995\n       FDIC compliance examination.\n    3. The ROE stated repeat violations of Section 326.8 may result in potential civil money\n       penalties or a cease and desist order.\nSupervisory Actions:\n   1. The 1998 ROE cites a Section 326.8(b) violation for failure to implement an adequate\n       BSA compliance program. The ROE also warns the bank that if not corrected, repeat\n       violations may result in civil money penalties. The repeat violation statement is a\n       warning to management, not a repeat of a previously cited Section 326.8(b) violation.\n       The response to the 1998 ROE indicates that the bank took action to adequately address\n       the BSA violations. The response details actions taken to effect correction, including the\n       elimination of all CTR exemptions previously granted. Since the 1998 ROE did not\n       reflect a repeat Section 326.8(b) violation, no formal or informal corrective action was\n       necessary, and positive responses from management were immediate with the first\n       corrective actions taken during the examination.\n\n    2. The repeat violations of Sections 103.22(b) and (c) are technical issues. The bank is\n       located in a rural area, has a small asset size, and a low volume of reportable transactions.\n       The violations stem from one customer (with two gasoline/mini-mart business accounts)\n\n\n\n\n                                                         94\n                                     This Report Contains Confidential Information\n                    For Official Use Only                                   Restricted Information\n\x0c                                                                                                    APPENDIX IX\n                                    CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\n        whose activity had been reviewed and who was granted exemptions for CTR filings.\n        These exemptions had not been reviewed on an annual basis, and the exemption amount\n        was required to be adjusted by $4,000. The bank\xe2\x80\x99s compliance program at the 1998\n        examination was deemed reasonable to assure and monitor compliance with BSA. The\n        response to the 1998 ROE indicates the bank took action to adequately address the BSA\n        violations. As a result, follow-up consisted of a regular-scope BSA review at the next\n        examination. No violations were noted at the next examination. Follow-up at the next\n        examination was appropriate.\n\n   3. The ROE comment was a reminder to management of the potential for civil money\n      penalties if violations were not corrected. These comments do not imply that civil money\n      penalties were being considered, or that repeat violations of Section 326.8(b) occurred.\n\nAssessment of Follow-up Action:\nGiven the bank\xe2\x80\x99s small asset size, rural location, low volume of activity, adequate management,\nand history regarding knowledge of the BSA, follow-up that consists of review at the next\nexamination is considered appropriate. Subsequent examination activity supports this\nconclusion.\n\nInstitution # 12                                                                 Low BSA Risk\n    Date           Total             Rating                      BSA Violations (#)\n                   Assets\n                 ($ Million)\n      2003        $126 - $150 Moderately Rated        None\n      2002        $101 - $125        Highly Rated     NA\n      2000          $51 - $100       Highly Rated     (1)- Inadequate controls/326.8(b)\n      1999          $51 - $100       Highly Rated     NA\n      1998          $51 - $100       Highly Rated     (1)- Inadequate controls/326.8(b)\n State performs review of prior BSA violations.\n\nOIG Concern:\n   1. The 1998 ROE cited a violation for failing to provide for adequate administration of the\n      BSA program, which was supported by a combination of deficiencies: the bank had not\n      independently tested BSA compliance, had not established procedures for detecting\n      multiple cash transactions aggregating over $10,000 in one business day, and had not\n      filed two CTRs. The combination of these deficiencies led to the conclusion that the\n      BSA program was not adequately administered. The ROE stated bank management will\n      implement procedures relating to the recommendations to correct the violation of Section\n      326.8(b).\n\n\n\n\n                                                        95\n                                    This Report Contains Confidential Information\n                   For Official Use Only                                   Restricted Information\n\x0c                                                                                                  APPENDIX IX\n                                  CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\n\n   2. At the 2000 examination, a violation of Section 326.8(b) was cited. The president\n      committed to reviewing BSA via independent testing and revising and approving BSA\n      policy.\n\n   3. The 2002 state examination indicates a repeat violation. Bank management indicated\n      computer-generated reports will be reviewed daily and used for independent testing.\n\n\nSupervisory Actions:\n   1. The draft audit report does not include information from the 1999 state ROE indicating\n       an interim period of corrective action for the Section 326.8(b) violation. The bank\n       corrected the independent testing deficiency as noted by a 1998 letter to the FDIC RO\n       from the bank\xe2\x80\x99s president that contained a copy of the bank\xe2\x80\x99s 1998 directors\xe2\x80\x99\n       examination, conducted by a CPA firm that included a review of BSA.\n\n   2. The 2000 FDIC examination cited a violation of Section 326.8(b). That determination\n      was made, because the bank had not independently tested BSA since the 1998 CPA\n      review, and had not kept its BSA policy current or approved it annually. The FDIC\n      examination indicates that overall procedures are generally adequate to prevent reportable\n      transactions from going undetected. The bank\xe2\x80\x99s 2000 response to the transmittal letter\n      indicates that the bank plans for testing of BSA in the very near future.\n\n   3. In the 2002 state examination, Section 326.8 violations were noted for lack of\n      independent testing. Once again, the bank was found to have adequate policies and\n      procedures. The state considered this to be a repeat violation, but made the determination\n      that internal bank procedures implemented during the examination were sufficient to\n      correct the violation and preclude regulatory action. The 2003 ROE notes that the BSA\n      violations have been corrected.\n\nAssessment of Follow-up Action:\nThe original violation was corrected shortly after the 1998 examination; an intervening state\nexamination (1999) reported no BSA concerns; and the 2000 FDIC examination violation was\ncited for a different combination of deficiencies. Although the 2002 state examination again\nnoted a violation for no independent testing, the state was satisfied with the corrective measures\nimplemented during the examination. The subsequent FDIC examination (2003) confirmed\ncompliance. Bank management has demonstrated an ability and willingness to correct\ndeficiencies. Given the bank\xe2\x80\x99s past corrective actions, small asset size, rural location, low\n\n\n\n\n                                                      96\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0c                                                                                                 APPENDIX IX\n                                 CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nvolume of reportable transactions, adequate management, and history of compliance with the\nBSA, follow up that consists of review at the next examination is considered appropriate.\n\n\n\n\n                                                     97\n                                 This Report Contains Confidential Information\n                For Official Use Only                                   Restricted Information\n\x0c                                                                                                     APPENDIX IX\n                                     CORPORATION COMMENTS\n\n       Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nInstitution # 14                                                                  Moderate BSA Risk\n\n   Date          Total            Rating                             BSA Violations (#)\n                 Assets\n               ($ Million)\n       2002     $151 - $200        Low Rated   (17)- Late CTR filings/103.27(a);\n                                               (16)- CTR filing errors/103.27(d);\n                                               (13)- Annual review/103.22(d)(4);\n                                               (13)- Exempt documentation/103.22(d)(6)(i);\n                                               (11)- Instruments log/103.29(a);\n                                               (11)- Record retention/103.38(d);\n                                               (10)- Biennial exemption/103.22(d)(5)(i);\n                                               (2)- CTR filings/103.22(b)(i);\n                                               (1)- Inadequate program/326.8(b)\n        2000      $151 - $200     Highly Rated NA\n        1999      $126 - $150     Highly Rated (1)-Inadequate controls/326.8(c)(1);\n                                               (1)-Independent testing/326.8(c)(2)\n        1997     $101 - $ 125     Highly Rated (1)-Inadequate controls/326.8(c)(1);\n                                               (1)-Independent testing/326.8(c)(2)\n                                               (1)-BSA Officer/326.8(c)(3)\n                                               (1)-Inadequate Training/326.8(c)(4)\n                                               (1)-CTR Filing/103.22(a)\n State does not examine for BSA. Within the past 2 or 3 years the state has begun to perform limited follow up\n on violations cited at prior FDIC exams.\n\nOIG Concern:\n   1. Violations cited at the 1997 examination are not separately entered into ViSION.\n\n    2. None of the 94 violations cited in the 2002 ROE are listed in ViSION. The regulations\n       are Sections 326.8(c)(1), 103.29(a), 103.29(a)(1)(ii), 103.29(a)(2)(i), 103.29(a)(2)(ii),\n       103.22(b)(1), 103.27(a)(1), 103.27(d), 103.22(d), 103.22(d)(6)(i), 103.22(d)(4),\n       103.22(d)(5)(ii), 103.22(d)(6)(x), 353.3(a), 353.3(a)(2), 353.3(b)(1).\n\n    3. Time frame for corrective action was protracted.\n\nSupervisory Actions:\n   1. The violations cited at the 1997 examination are included in ViSION with the safety and\n       soundness examination.\n\n    2. The violations cited at the 2002 examination are listed in ViSION with a 2003\n       examination date.\n\n\n\n\n                                                         98\n                                     This Report Contains Confidential Information\n                    For Official Use Only                                   Restricted Information\n\x0c                                                                                                     APPENDIX IX\n                                     CORPORATION COMMENTS\n\n       Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\n    3. The 1997 ROE comments noted a BSA violation, as the bank policy did not address\n       independent testing. The bank\xe2\x80\x99s CPA firm was scheduled to conduct testing during third\n       quarter of 1997. The 1999 ROE comments noted repeat violations of Section 326.8(c)(1)\n       and (2). Supervisory action occurred at the next examination.\n\nAssessment of Follow-up Action:\nThe DSC concurs in general with the OIG regarding the follow up for this bank. It appears that\nthe violation of Sections 326.8(c) (1) and (2) existed across examination cycles; however,\nfollow-up action after the 2002 examination was timely, extensive, and successful. The RO\nissued a MOU in 2003 to address BSA deficiencies. A 2003 visitation was conducted to monitor\nprogress with the MOU. At the visitation, all deficiencies were found to have been addressed\nand/or corrected, and sufficient BSA controls are in place.\n\nInstitution #17 (\xe2\x80\x9cinactive\xe2\x80\x9d)                                                      Low BSA Risk\n\n   Date          Total             Rating                       BSA Violations (#)\n                 Assets\n               ($ Million)\n    1998          $51 - $100      Highly Rated     (2)- Instrument logs/103.29(a)(2);\n                                                   (4)- Improper exemption or limit/103.22(b),(c);\n                                                   (3)- CTR filing errors/103.27(d);\n                                                   (1)- Independent testing/326.8(c)(2)\n Bank merged with another institution in 1999.\n\nOIG Concern:\nOIG indicated the following concern from the 1998 examination.\n\n\xe2\x80\x9cThe violation code for 103.22(b) is 60000 not 60001. The violation code for 103.27(d) is 63001\nnot 63000. An additional violation 103.29(a)(2) is in the ROE that's not in VISION. The BSA\nofficer stated the apparent violations resulted from oversight and more care would be taken to\nprevent future occurrence. The president committed to implementing the examiner's\nrecommendations. This bank became inactive after this examination in 1999.\xe2\x80\x9d\n\nSupervisory Action:\n[NOTE: The violation codes in effect at the time of this examination are based on Regional\nDirector Memorandum (\xe2\x80\x9cRD Memo\xe2\x80\x9d) 96-085 which was superceded in 1999 by RD Memo 99-\n066 which was then superceded by RD 03-048. Thus, the violation code used to capture the\n103.29(a)(2) citation was eliminated in 1999 due to a change in the BSA regulation.]\n\n\n\n\n                                                         99\n                                     This Report Contains Confidential Information\n                    For Official Use Only                                   Restricted Information\n\x0c                                                                                                  APPENDIX IX\n                                  CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nThe bank merged into another institution in 1999. The bank was highly rated at the 1998\nexamination, as well as management. The bank was cited for four BSA violations: improperly\nsetting exemption limits; inadequate independent testing; incomplete CTRs; and missing\ndocumentation on monetary instruments. The first and last were repeat violations from the 1995\ncompliance examination. During the examination, the bank president committed to correct the\nviolations cited. In 1998, the examiner-in-charge met with the bank\xe2\x80\x99s directorate to present the\nfindings of the examination and noted the BSA violations. An e-mail in 1998, memorializes the\nmeeting with the board of directors. Again in 1998, the RO notified FinCEN that the RO\nrequested that the bank contact FinCEN for guidance on CTR backfilling.\n\nIn a letter dated in 1998, management indicated that corrective action was taken to eliminate\nfuture BSA violations. Management also included a progress report on each item of BSA-related\ncriticism noted in the ROE.\n\nBank Profile:\nThe bank is INACTIVE. This institution was a $51-$100 million well-managed institution,\nwhich was highly rated for four consecutive examination cycles dating back to 1993. The bank\xe2\x80\x99s\ntrade area was primarily rural, with a moderate population estimated about 60,000. The money-\nlaundering risk was low. The board of directors and operating management were regarded as\nactive and conservative. Management was highly rated since 1992.\n\nAssessment of Follow-up Action:\nSupervisory action included meeting with the directorate, sending notification to FinCEN, and\nreceiving a progress report from bank management that indicated corrective action. Supervisory\naction was completed within 100 days from the examination start date. Adequate supervisory\naction was taken as the bank corrected apparent violations during the normal course of business.\n\n\n\n\n                                                     100\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0c                                                                                                    APPENDIX IX\n                                    CORPORATION COMMENTS\n\n       Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\n\nInstitution # 19                                                                 Low BSA Risk\n\n    Date           Total            Rating                        BSA Violations (#)\n                   Assets\n                ($ Million)\n        2003        $0 - $10       Highly Rated    NA\n        2003       $11 - $25    Moderately Rated   (18)- CTR filing errors/103.27(d);\n                                                   (1)- Inadequate controls/326.8(c)(1);\n                                                   (1)- Independent testing/326.8(c)(2)\n         2002       $11 - $25               N/A NA\n         2002       $11 - $25        Low Rated None\n         2001       $11 - $25        Low Rated (1)- Independent testing/326.8(c)(2)\n         2000       $11 - $25 Moderately Rated NA\n         1999         $0 - $10     Highly Rated (1)- Independent testing/326.8(c)(2);\n                                                   (1)- BSA Officer/326.8(c)(3)\n         1998         $0 - $10     Highly Rated NA\n         1997         $0 - $10     Highly Rated None\n State does not perform BSA examinations or review prior BSA violations.\n\n\nOIG Concern:\nThe OIG notes a repeat violation from 2001 and 2003 examinations pertaining to Section 326.8\n(c)(2), lack of adequate independent testing. Given that this institution was placed in the\ninadequate follow-up period of 49 to 60 months, it appears that the OIG criticism may stem from\nthe violations cited in the 1999 examination.\n\n\n\n\n                                                       101\n                                    This Report Contains Confidential Information\n                   For Official Use Only                                   Restricted Information\n\x0c                                                                                                  APPENDIX IX\n                                  CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nSupervisory Action:\nThe RO was unable to obtain the 1997 ROE from archives by the OIG\xe2\x80\x99s deadline. The 1999\nROE notes two BSA-related violations: the lack of a specially designated individual to monitor\nBSA compliance; and the lack of adequate independent testing. The ROE notes that procedures\nare generally adequate considering the level of activity, size, and customer base. In a transmittal\nletter dated 1999, the FDIC requested that management submit a response to the FDIC\ncontaining its corrective measures regarding the ROE findings. The RO received\ncorrespondence from the bank in 1999, stating that the violations had been corrected.\n\nThe 2000 examination conducted by the state did not include a review of BSA compliance. The\nstate entered into a MOU with the bank subsequent to this examination to address all safety and\nsoundness concerns.\n\nThe 2001 FDIC examination found the bank\xe2\x80\x99s condition deteriorated significantly. The bank and\nmanagement were rated low. The ROE noted a repeat violation for failure to provide\nindependent testing for the BSA program. The examiners received management\xe2\x80\x99s commitment\nto correct the violation. The bank was later placed under an informal corrective action in 2001\nthat included a provision for the correction of violations cited during the examination, including\nBSA program violation. Bank management submitted several reports detailing progress with the\ninformal action. The first progress report in 2001, stated that all violations had been corrected\nand that an outside compliance audit had been completed. Subsequent quarterly progress reports\nall state that the \xe2\x80\x9cBSA violation has been addressed and reviewed. The bank will include this\nissue in the next third party review.\xe2\x80\x9d\n\nThe 2002 ROE reflects the bank\xe2\x80\x99s serious and ongoing deterioration. The bank\xe2\x80\x99s was again rated\nlow, and considered a potential failure. The ROE states, \xe2\x80\x9cThe BSA violation concerning the\nindependent testing for compliance with financial recordkeeping requirements has been\ncorrected.\xe2\x80\x9d No BSA-related violations were cited during the examination.\n\nThe 2003 ROE cites a violation of Section 326.8 of the FDIC Rules and Regulations in addition\nto Section 103.27(d) for incomplete CTRs filed during 2002. A violation of Section 326.8(c)(1)\nwas also cited. The ROE notes that management committed to correct the violations. The bank\nprovided a response to the examination dated in 2003, stating that it would adhere to the\nregulations.\n\nThe 2003 state bank regulator\xe2\x80\x99s ROE notes that management stated that the violations had been\ncorrected and that measures had been implemented to prevent recurrence.\n\nBank Profile:\n\n\n\n\n                                                     102\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0c                                                                                                     APPENDIX IX\n                                     CORPORATION COMMENTS\n\n       Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nThe bank is $0\xe2\x80\x93$10 million institution located in a small town in the southwestern part of the\nUnited States, with a population of less than 600. The local economy is based on diversified\nmanufacturing, agri-business, oil-field operations, and service industries. The bank is the only\nfinancial institution in town and does not operate any branches. The bank\xe2\x80\x99s money-laundering\nrisk profile is low. The bank has a very low level of reportable transactions. The 2001 ROE\nnoted that the bank had only filed four CTRs since the previous FDIC examination in 1999.\n\nAssessment of Follow-up Action:\nFor the 1999 examination, supervisory action consisted of sending a transmittal letter within 29\ndays of the examination start date and receiving a response from bank management indicating\nthat the violation was corrected within 78 days from the examination start date. The supervisory\naction taken was adequate as management corrected the apparent violation during the normal\ncourse of business.\n\nFor the 2001 examination, supervisory action consisted of an enforcement action executed within\n62 days from the examination start date. Supervisory action taken was adequate as management\nreported within 64 days that the violations were corrected. In addition, no BSA violations were\ncited at the subsequent examination.\n\nFor the 2003 examination, supervisory action taken consisted of obtaining commitments to\ncorrect violations during the examination. Supervisory action was completed within 63 days\nfrom the start of the examination as management indicated in a letter that the violation had been\ncorrected.\n\nInstitution # 20                                                                  Low BSA Risk\n\n   Date           Total             Rating                       BSA Violations (#)\n                  Assets\n                ($ Million)\n       2003        $11 - $25       Highly Rated  None\n       2001         $0 - $10       Highly Rated  NA\n       2000         $0 - $10       Highly Rated  (1)- Multiple transactions/103.22(c)(2);\n                                                 (1)- Late CTR filings /103.27(a);\n                                                 (1)- Instrument logs/103.29(a);\n                                                 (1)- Inadequate program/326.8(b)\n        1998          $0 - $10  Highly Rated NA\n        1997          $0 - $10  Highly Rated (1)- Inadequate program/326.8(b);\n                                                 (1)- Inadequate controls/326.8(c)(1);\n                                                 (1)- Inadequate training/326.9(c)(4)\n State does not perform BSA examinations or review prior BSA violations.\n\n\n\n\n                                                        103\n                                     This Report Contains Confidential Information\n                    For Official Use Only                                   Restricted Information\n\x0c                                                                                                  APPENDIX IX\n                                  CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\n\nOIG Concern:\nThe OIG concerns are the intervals between the 1997 and 2000 examinations as well as the 2000\nand 2003 examinations, and apparent repeat violations stemming from the 1997 examination. As\na result, the follow-up time was determined inadequate.\n\nThe OIG indicated the following concern from the 2000 examination.\n\n\xe2\x80\x9cFollow-up not determinable. The audit does not include review of regional or field office files.\nThe bank\xe2\x80\x99s BSA officer stated additional effort would be extended to correct noted deficiencies\nand prevent recurrence. The examination date is 2000. ViSION has 1999, as examination date.\xe2\x80\x9d\n\nSupervisory Action:\nThe 1997 FDIC ROE reflects BSA-related violations, including an inadequate training program,\nlack of internal controls, and an inadequate independent audit program. The confidential section\nof the ROE notes that no CTRs had been filed since the previous examination, and that the bank\nhad no exempt customers. The bank received an overall high rating during this examination, and\nmanagement was also highly rated. Correspondence dated 1997 from the bank responding to the\nexamination findings states that the bank implemented a new training program and that the BSA\nprogram had been revised to improve compliance regarding internal controls and independent\naudit coverage.\n\nThe 2000 FDIC ROE notes that management had taken steps to address violations cited at the\nprevious examination. However, a repeat violation pertaining to the bank\xe2\x80\x99s inadequate BSA\ntraining program was cited, and the ROE noted that training had not been performed since 1997.\nAlthough management implemented a BSA training program to address the ROE deficiency,\nadditional follow-up training did not occur thereafter. While no follow up was requested, the RO\nwas comfortable that management would respond to the ROE criticisms, as it had in the past.\nManagement actions were confirmed at the next FDIC examination in 2003, where no BSA\nviolations or criticisms were noted.\n\nSince neither the OIG nor the RO reviewed archived files on this bank relating to the 2000\nexamination, no correspondence indicating follow up was reviewed; however, highly-rated bank\nmanagement is generally found to be responsive. Given the historical responsiveness of bank\nmanagement and the overall profile of the institution, enforcement action was not considered\nnecessary.\n\nBank Profile:\n\n\n\n\n                                                     104\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0c                                                                                                    APPENDIX IX\n                                    CORPORATION COMMENTS\n\n       Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nThe institution is an $11-$25 million institution located in a small community with a population\nof approximately 500 located in the Midwest. The bank\xe2\x80\x99s money-laundering risk is low. The\nbank has had very few, if any, transactions reportable under the BSA regulation. Management\nhas been highly rated since 1987.\n\nAssessment of Follow-up Action:\nSupervisory action was taken by reviewing a response from bank management that indicated\ncorrective action was taken by management to eliminate the apparent violation. Supervisory\naction was completed within 141 days from the start of the 1997 examination. Supervisory\naction taken was considered adequate as management corrected the violation during the normal\ncourse of business. Regarding the 2000 examination findings, since archived files were not\nreviewed, follow-up action and times cannot be confirmed; however, as part of the normal\nsupervisory process, a transmittal letter accompanies the ROE and a response from bank\nmanagement is received within a reasonable time frame. Given the risk profile and the historical\nresponsiveness of bank management, in addition to the lack of violations cited at the subsequent\n2003 examination, appropriate supervisory action was taken.\n\nInstitution # 21                                                                 Low BSA Risk\n\n    Date            Total             Rating                      BSA Violations (#)\n                    Assets\n                  ($ Million)\n        2003          $26 - $50     Highly Rated   (2)- Exempt bank/103.22(d)(3)(ii);\n                                                   (1)- Independent testing/326.8(c)(2).\n         2001          $26 - $50   Highly Rated NA\n         2000          $26 - $50   Highly Rated None\n State does not perform BSA examinations or review prior BSA violations.\n\nOIG Concern:\nThe OIG indicated that the lack of independent testing of BSA compliance is a repeat violation\nthat was cited in the 2001 and 2000 examinations. Bank management agreed in all three ROEs\nto address the problem.\n\nSupervisory Action:\nExamination work papers noted that \xe2\x80\x9cindependent testing\xe2\x80\x9d was not included in the audit program\nfor 2002 and prior years due to cost. Also noted was the intent to have this aspect of the BSA\nprogram conducted in conjunction with the 2003 audit. A major mitigating factor is this small,\nrural bank\xe2\x80\x99s lack of reportable transactions as they have had only three in recent history (two in\n2000 and one in 1996).\n\n\n\n\n                                                       105\n                                    This Report Contains Confidential Information\n                   For Official Use Only                                   Restricted Information\n\x0c                                                                                                    APPENDIX IX\n                                    CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\n\nA review of the bank indicated that no BSA violations were cited in the 2000 ROE. ROE\ncomments also indicated that the bank was in compliance with the BSA program. Also, no\nviolation was cited in the 2001 examination conducted by the state.\n\nThe ROE dated 2003, cited two violations that the bank\xe2\x80\x99s \xe2\x80\x9cindependent testing had failed to\ndiscover the bank\xe2\x80\x99s failure to file a Designation of Exempt Person form for a correspondent\nbank.\xe2\x80\x9d The RO indicated that the bank had been conducting independent testing, but the scope\nwas determined to be inadequate. Bank management indicated that the independent testing for\nBSA compliance would be added to the scope of the directors\xe2\x80\x99 examination.\n\nBank Profile:\nThe institution is located in a small, rural community (population of approximately 1,200) in the\nMidwest. The bank operates from a single office, is not located in close proximity to any major\nmetropolitan areas, and has few large cash transactions. While an examination of the bank\xe2\x80\x99s\nBSA compliance practices and procedures has not resulted in serious violations, the most recent\nROE cited the inadequacy of its \xe2\x80\x9cindependent\xe2\x80\x9d testing as that review failed to note that\nexemptions were not filed for transactions with a correspondent bank. Given the absence of any\nsignificant issues as well as the absence of significant cash transactions, the bank is considered to\nbe a low BSA Risk.\n\nAssessment of Follow-up Action:\nNo supervisory action was taken since no BSA violations were cited at the 2000 and 2001\nexaminations. The institution remained on a normal examination schedule. Supervisory action\nwas deemed appropriate given the institution\xe2\x80\x99s low risk profile and lack of any reported BSA\nviolations in the 2000 and 2001 examinations.\n\nInstitution # 23                                                                 Low BSA Risk\n\n    Date           Total           Rating                           BSA Violations (#)\n                   Assets\n               ($ Million)\n    2003           $51 - $100     Highly Rated     None\n    2002           $51 - $100     Highly Rated     NA\n    2000            $26 - $50     Highly Rated     (1)- Inadequate program/326.8(b)(1)\n    1999            $26 - $50     Highly Rated     NA\n    1997            $26 - $50                      (3)- Instrument log/103.29(a)(2);\n                                                   (2)- Identity record (customer)/103.29(a)(1)(i)(ii);\n                                                   (2)- CTR filings/103.22(b)(i);\n                                                   (2)- Instrument log/103.29(a);\n\n\n\n\n                                                       106\n                                    This Report Contains Confidential Information\n                   For Official Use Only                                   Restricted Information\n\x0c                                                                                                     APPENDIX IX\n                                     CORPORATION COMMENTS\n\n       Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\n                                                 (1)- Inadequate program/326.8(b)(i).\n                                                 (1)- Identity record (non-customer)/103.29(a)(2)(i)(ii);\n State does not perform BSA examinations or review prior BSA violations.\n\nOIG Concern:\nExaminer determined that the bank complied with the requirement to have independent testing of\nBSA program. The violation was cited in both the 1997 and 2000 ROEs.\n\nSupervisory Action:\nThis small, rural institution did not adopt an independent testing program due to cost. However,\nthe independent testing issue was resolved at (or shortly following) the time the bank acquired\nsome branches in a metropolitan area. Even with this expansion in office facilities, the number\nof reportable transactions remains nominal (nine in 2001; eleven in 2002; and ten to the date of\nthe 2003 examination). No enforcement action was deemed necessary inasmuch as the bank\xe2\x80\x99s\noperations were in compliance with the BSA.\n\nThe ROE dated 1997, listed 10 Section 103 violations and one BSA violation for lack of\nindependent testing of the BSA program. The summary comments for this examination\nindicated that management promised correction, and the RO requested a response within 60 days\non significant items.\n\nThe ROE dated 2000, indicated that all BSA violations had been corrected except for the lack of\nindependent testing. Bank management agreed to consider including a review of BSA as part of\nthe bank\xe2\x80\x99s annual directors\xe2\x80\x99 examination. Therefore, it appears the reason for not implementing\nthe testing after the 1997 examination was due to a cost issue. The RO concluded that no follow-\nup was deemed necessary based on the bank\xe2\x80\x99s satisfactory overall BSA compliance, strong\nfinancial condition, and management\xe2\x80\x99s history of following through on corrective action.\n\nBank Profile:\nThe institution is located in the Midwest (population approximately 1,000) with expansion of\noperations into a nearby metropolitan area in 2001. The bank is one of more than 20 institutions\noperating in that metropolitan are and, as such, one of many institutions in that market. Inherent\noperations are based in a small, rural community where significant cash transactions are\nminimal. The violation cited was limited to the lack of independent testing, although testing was\nbeing conducted. The bank\xe2\x80\x99s nature and scope of operations indicates that the bank is considered\na low BSA risk.\n\nAssessment of Follow-up Action:\n\n\n\n\n                                                        107\n                                     This Report Contains Confidential Information\n                    For Official Use Only                                   Restricted Information\n\x0c                                                                                                    APPENDIX IX\n                                    CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nSupervisory action taken indicates that the RO did follow-up on significant items at the 1997\nexamination. No enforcement action was necessary since the bank\xe2\x80\x99s operations were in\ncompliance with the BSA. The bank\xe2\x80\x99s correspondence to the RO dated 1998 indicated that all\nBSA violations had been corrected. At the 2000 examination, the institution was cited for lack\nof independent testing; however, bank management agreed to consider independent testing and\nthe RO determined that no additional follow-up was necessary, which is supported by the results\nof the 2003 examination. Supervisory action was taken within an acceptable time frame.\nSupervisory action was appropriate given the institution\xe2\x80\x99s low-risk BSA profile and willingness\nto comply with regulations.\n\nInstitution # 24                                                        Moderate/High BSA Risk\n   Date        Total            Rating                          BSA Violations (#)\n               Assets\n             ($ Million)\n   2001        Over $500       Highly Rated   None\n   2000        Over $500       Highly Rated   NA\n   1999        Over $500       Highly Rated   Not in BITS \xe2\x80\x93 ROE no violation\n   1998        Over $500       Highly Rated   NA\n   1997        Over $500       Highly Rated   (4)- Aggregate Transaction/103.22(c)(2);\n                                              (2)- CTR filings/103.22(a)\n State does not perform BSA examinations or review prior BSA violations.\n\nOIG Concern:\nROE states that the bank did not treat four cases of multiple transactions totaling over $10,000 as\na single transaction. Therefore, bank should have filed CTRs for those multiple transactions.\nBank management agreed that these were infractions and planned to revise the exemptions.\nSupervisory Action:\nThe correspondence file for this bank was not requested from archives, so the RO had no\ndefinitive evidence of examination follow-up; however, this institution has historically been a\nsound, well-run bank and one which follows through with requested actions.\n\nThe ROE dated 1997, cited the bank for not filing two CTRs and failure to treat four cases of\nmultiple transactions totaling over $10,000 as a single transaction. The ROE indicated that bank\nmanagement agreed to file the required CTRs. The OIG did not find any documentation that the\ncorrective action was completed. The OIG also indicated that the violation code was not correct\nin ViSION; however, the RO indicated that the code is correct based on the RD memorandum\noutstanding at the time of the violation. The summary comments for the 1997 examination\nindicated that corrective action was initiated during the examination.\n\n\n\n\n                                                       108\n                                    This Report Contains Confidential Information\n                   For Official Use Only                                   Restricted Information\n\x0c                                                                                                  APPENDIX IX\n                                  CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\n\nThe ROE dated 1999, did not cite any violations. The ROE stated that \xe2\x80\x9cimprovements had been\nmade from the previous FDIC examination.\xe2\x80\x9d In addition, the OIG chart incorrectly shows this\nbank as having repeat violations.\n\nBank Profile: This large and rapidly growing institution is (and has been) extremely-well\nmanaged through its history and, likewise, its BSA compliance program has exhibited similar\nstrengths. While the bank\xe2\x80\x99s main office is based in a small Midwest town (population of less\nthan 700), they have had a presence in the nearby city (population greater than 75,000) for many\nyears. Historical expansion has been predicated on communities near the city, with recent\nexpansion into the state\xe2\x80\x99s second largest market (population greater than 150,000) generating\nadditional growth. With the close proximity to and in the city area as well as the newly entered\nnearby market, the inherent BSA risks increased. Over the years, the bank\xe2\x80\x99s BSA officer has\nmaintained close contact with the FDIC on BSA issues, and the bank\xe2\x80\x99s goal of reporting all\nsignificant transactions has occurred. The bank is considered a moderate- to high-BSA risk\nbased on the bank\xe2\x80\x99s area of operations; however, it must be noted that the bank\xe2\x80\x99s response is\nmore than adequate to meet inherent challenges.\n\nAssessment of Follow-up Action:\nSupervisory action was completed during the examination. All documents were filed within\nacceptable timeframe. No further supervisory action was deemed necessary.\n\n\n\n\n                                                     109\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0c                                                                                                     APPENDIX IX\n                                     CORPORATION COMMENTS\n\n       Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nInstitution # 25                                                         Moderate BSA Risk\n\n   Date           Total           Rating                       BSA Violations (#)\n                  Assets\n                ($ Million)\n       2004      $51 - $100     Highly Rated  (2)\xe2\x80\x93Late filing of CTR/103.27(a)\n       2001               -                -  (5)- Late CTR filing/103.27(a);\n                                              (1)- CTR filing/103.22(b)(1);\n                                              (1)- CTR filing errors/103.27(d)\n        2001       $26 - $50 Highly Rated (11)- Late CTR filing/103.27(a);\n                                              (7)- CTR filing errors/103.27(d);\n                                              (5)- Identification method/103.28;\n                                              (1)- Biennial exemptions/103.22(d)(5)(i)\n        2000       $26 - $50 Highly Rated NA\n        1998       $26 - $50 Highly Rated (2)- Late CTR filings/103.27(a);\n                                              (1)- Inadequate program/326.8(b)(1);\n                                              (1)- CTR filing/103.22(b)(1);\n                                              (1)- Exempt bank/103.22(d)(3)(ii)\n State does not perform BSA examinations or review prior BSA violations.\n\nOIG Concern:\nOIG indicated the following concerns from the 2001 BSA visitation.\n     1. Five CTRs were not received by the Internal Revenue Service within the prescribed\n          time period. Bank management agreed to address the infractions.\n\n      2.      Examiner identified one new violation of Section 103.27(d). In addition, two other\n              violations had not been corrected from the 2001 ROE resulting in a repeat violation\n              from the 2001 examination. Management agreed to address the infractions.\n\n      3.      Examiner identified one CTR that had not been filed as required. Management\n              agreed to address the infraction.\nSupervisory Action:\nA 2001 transmittal letter for the 2001 ROE requested a progress report from the bank by quarter-\nend 2001. The bank addressed the above issues in their follow-up report dated by quarter-end\n2001, which was acknowledged by the RO in a letter dated quarter-end 2001. BSA issues were\nagain addressed during a RO outreach contact in 2002.\n\nThe 2001 BSA visitation report indicated that the examiner provided the bank with information\nto follow-up on the inaccurate CTRs. However, subsequent verification was not requested from\nthe bank. The outreach contact record indicated that the BSA concerns were being addressed.\n\n\n\n\n                                                        110\n                                     This Report Contains Confidential Information\n                    For Official Use Only                                   Restricted Information\n\x0c                                                                                                    APPENDIX IX\n                                    CORPORATION COMMENTS\n\n       Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\n\nBank Profile:\nThe institution is located in the Midwest. With the addition of its most recent office in 2001, the\nbank has experienced significant growth. The 1998 ROE identified several BSA deficiencies\nwhich were also reviewed at the 2001 examination. Deficiencies noted in the latter prompted a\nfollow-up visit in 2001, which disclosed management had taken significant steps to improve\nBSA compliance. In view of the number of reportable transactions the bank was handling prior\nto making better use of the exemption programs (both Phase I and Phase II) and the noted growth\nsince 2000, the bank is considered a moderate-BSA risk.\n\nAssessment of Follow-up Action:\nSupervisory action consisted of a transmittal letter to the institution in 2001, and a follow-up\nreport from the bank dated in 2001. Additionally, a follow-up BSA visitation was conducted in\nlate 2001. The timeframe between the examination of 2001, and the visitation was 192 days.\nGiven the bank\xe2\x80\x99s willingness to correct BSA violations, its favorable financial condition, and\nmanagement\xe2\x80\x99s history of following through on commitments to regulatory agencies, the\nsupervisory action taken seems appropriate. The FDIC finalized an examination in 2004.\nFindings identified two isolated late CTR filings. No other BSA problems were identified, and\noverall the BSA program was determined to be effective.\n\nInstitution # 26                                                                 Moderate BSA Risk\n\n    Date           Total            Rating                          BSA Violations (#)\n                   Assets\n                ($ Million)\n    2003                    -                 -   None\n    2003            $26 - $50      Highly Rated   (18)- Late CTR filings/103.27(a);\n                                                  (13)- CTR filings/103.22(b)(1);\n                                                  (1)- Instrument log/103.29(a);\n                                                  (1)- Inadequate program/326.8(b)(1);\n                                                  (1)- Independent testing/326.8(c)(2);\n                                                  (1)- Inadequate training/326.8(c)(4)\n     2002            $26 - $50    Highly Rated NA\n     2001            $11 - $25    Highly Rated (3)-Late CTR filings/103.27(a)\n State does not perform BSA examinations or review prior BSA violations.\n\nOIG Concern:\nOIG indicated the following concern from the 2001 examination.\n\n\n\n\n                                                       111\n                                    This Report Contains Confidential Information\n                   For Official Use Only                                   Restricted Information\n\x0c                                                                                                  APPENDIX IX\n                                  CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nROE cites a violation that the bank did not file a SAR when a customer of the bank reported\n$22,000 missing from a safe deposit box. An acquaintance of the customer reportedly forged the\nsignature of one of the individuals with authority to enter the safe deposit box. The next day the\ncustomer reported the funds missing. The bank contacted local authorities. Bank management\ncommitted to filing the report. Subsequent ROEs/visits do not seem to address this issue.\n\nSupervisory Action:\nThe bank\xe2\x80\x99s correspondence file contains a copy of the requisite SAR prepared as in\n2001. The 2001 ROE cited the bank for not filing a SAR with the appropriate authorities. The\nROE indicated that bank management committed to filing the required report. The OIG did not\nsee any subsequent documentation supporting the filing. However, the RO has provided from\nthe bank\xe2\x80\x99s correspondence file a copy of the SAR filing dated 2001.\n\nBank Profile:\nThe institution is a relatively new institution (chartered in 2000) which is situated in a popular\nvacation destination. As such, the volume of \xe2\x80\x9cvisitors\xe2\x80\x9d and attendant cash is significant. The\nbank\xe2\x80\x99s BSA compliance program was not deemed adequate at the 2003 examination and a\nfollow-up visitation was conducted later in 2003. The latter onsite review noted that substantial\nprogress had been attained in achieving compliance with BSA and management committed\nfurther efforts. In view of the environment in which this bank operates, a strong BSA\ncompliance program is deemed imperative and will be monitored closely. The bank is\nconsidered a moderate-BSA risk.\n\nAssessment of Follow-up Action:\nThe institution provided the RO with a copy of the SAR filing. The document was filed within\nan acceptable timeframe. No further supervisory action was deemed necessary.\n\n\n\n\n                                                     112\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0c                                                                                                    APPENDIX IX\n                                    CORPORATION COMMENTS\n\n       Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\n\nInstitution # 27                                                                 Low BSA Risk\n\n    Date           Total           Rating                      BSA Violations (#)\n                   Assets\n                 ($ Million)\n     2002           $26 - $50    Highly Rated   None\n     2001           $26 - $50    Highly Rated   NA\n     2000           $26 - $50    Highly Rated   (11)-CTR filing errors/103.27(d);\n                                                (1)- Inadequate program/326.8(b)\n      1998           $26 - $50 Highly Rated NA\n      1997           $26 - $50 Highly Rated (9)- CTR filing errors/103.27(d);\n                                                (7)- CTR filing /103.22(a);\n                                                (2)- Identification procedures/103.28\n State does not perform BSA examinations or review prior BSA violations\n\nOIG Concern:\nOIG indicated the following concern from the 2000 examination.\n\n\xe2\x80\x9cThe examiners noted 11 apparent violations of Section 103.27(d). The president stated that\nCTRs would be reviewed more closely before filing and the bank would begin conducting the\nreviews annually. The bank had not provided for independent testing of the BSA program. This\ndeficiency was noted in a prior examination conducted in 1997 and remains uncorrected as of\nthis examination. During the examination, bank management appointed an employee to perform\nindependent testing of the BSA program.\xe2\x80\x9d\n\nSupervisory Action:\nThe 1997 ROE prepared by the FDIC detailed three apparent violations with a modest level of\nfrequency. These apparent violations were not considered systemic, and given satisfactory\nmanagement, with a strong history of responding to supervisory concerns, no enforcement action\nwas warranted. Due to the lack of systemic violations and management\xe2\x80\x99s willingness to address\nsupervisory concerns, no follow-up between examinations was necessary.\n\nIn 1997, the RO transmittal letter to the bank asked for follow-up on all regulatory concerns,\nincluding BSA-related deficiencies. A few weeks later in 1997, the bank\xe2\x80\x99s chairman and chief\nexecutive officer responded to the examination findings. The chairman indicated that the bank\nhad strengthened the audit and review procedures to improve the BSA compliance program. He\nfurther indicated that personnel are better trained and knowledgeable of BSA compliance, and he\nalso filed corrected CTRs.\n\n\n\n\n                                                       113\n                                    This Report Contains Confidential Information\n                   For Official Use Only                                   Restricted Information\n\x0c                                                                                                  APPENDIX IX\n                                  CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nThe 2000 FDIC ROE cited violations of Part 103 for failure to provide all required information\non the CTR and Section 326.8 for failure to have independent testing. The violations pertaining\nto Part 103 were not repeat violations. A transmittal letter was sent from the RO in 2000, and the\nbank was instructed to correct the apparent BSA-related violations. The transmittal letter also\nrequired the bank\xe2\x80\x99s response to the ROE to include action taken to correct BSA-related\nweaknesses. Approximately a month later, the bank\xe2\x80\x99s president responded to the RO, indicating\nthe BSA deficiencies had been corrected and independent testing was being performed. Given\nthe risk profile and outstanding rating of the institution, a BSA visitation to ensure correction\nwas not necessary.\n\nThe 2002 FDIC ROE detailed a generally adequate BSA compliance program. While the BSA\ntraining was considered adequate, the ROE noted a minor deficiency, in that there was lax\ndocumentation of the employee training. The adequacy of employee training is evidenced by the\ncorrection of prior examination violations and no further BSA-related violations. The president\nindicated that future training would be better documented. There were no material weaknesses\nin the BSA compliance program and no apparent BSA-related violations were cited.\nConsequently, there was no need for supervisory action. It should be noted that during the 2002\nexamination, it was determined that there were no reportable transactions since 2001. The\noverall improvement in this bank\xe2\x80\x99s BSA compliance supports no enforcement actions.\n\nBank Profile:\nThe bank is a $26-$50 million institution with one office located in the Southeast. The\npopulation of the county as reported in 2000 was approximately 30,000. The money- laundering\nrisk profile is low. The trade area is rural, with an agrarian-based economy. The 2002 FDIC\nROE work papers reflected a low level of CTR filings, with no currency transaction greater than\n$10,000 for approximately 10 months prior to the examination. The 2002 work papers indicate\nthe level of CTRs had declined between the 2000 and 2002 examinations, as a result of a large\ncustomer closing its deposit account. Bank management has been highly rated since 1982.\n\nAssessment of Follow-up Action:\nFor the 1997 examination, supervisory action consisted of sending a transmittal letter within 42\ndays of the examination start date requesting bank management to address the deficiencies cited\nin the ROE. Supervisory action was completed within 73 days of the examination start date\nupon receiving confirmation from bank management that the violations were corrected.\nAdequate supervisory action was taken as management corrected violations during the normal\ncourse of business.\n\nFor the 2000 examination, supervisory action consisted of sending a transmittal letter to the bank\nrequesting corrective action. Supervisory action began within 48 days of the examination start\n\n\n\n\n                                                     114\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0c                                                                                                    APPENDIX IX\n                                    CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\ndate and was completed within 101 days of the examination start date upon receiving\nconfirmation from bank management that the violations were corrected. Supervisory action was\nadequate as the violations were corrected during the normal course of business.\n\nInstitution # 30 (\xe2\x80\x9cinactive\xe2\x80\x9d)                                                    Low BSA Risk\n\n    Date           Total            Rating                     BSA Violations (#)\n                   Assets\n                 ($ Million)\n     2000         $151 - $200     Highly Rated   NA\n     1999          $51 - $100     Highly Rated   None\n     1998           $26 - $50     Highly Rated   NA\n     1997           $26 - $50     Highly Rated   (6)-Identification method/103.28;\n                                                 (1)-Improper exemption or limit/103.22(b)(1);\n                                                 (1)-Exemption Form/103.22(d);\n                                                 (1)-Record of Exemption/ 103.22(f);\n                                                 (1)-Instrument Log/103.29(a)(1)\n State does not perform BSA examinations or review prior BSA violations.\n\nOIG Concerns:\nLength of time between follow up on violations cited at the 1997 examination was between 25-\n36 months.\n\nSupervisory Action:\nThe 1997 FDIC ROE cited numerous violations of Part 103, specifically pertaining to\nexemptions, required information for completion of CTRs, and monetary log data.\n\nIn 1997, the RO sent the bank a transmittal letter requesting that management provide a written\nresponse within 45 days, detailing corrective actions to eliminate deficiencies cited within the\nROE. Bank management responded one month later stating that additional training would be\nprovided and audit coverage of the BSA compliance program would be completed.\n\nGiven the risk profile of the institution and the outstanding ratings, a BSA visitation to ensure\ncorrection was not necessary.\n\nThe 1999 ROE revealed no weaknesses, material or otherwise, in the BSA compliance program.\nThe examiner-in-charge noted in the ROE that the operating procedures for managing the BSA\nprogram had improved since the last FDIC examination.\n\n\n\n\n                                                       115\n                                    This Report Contains Confidential Information\n                   For Official Use Only                                   Restricted Information\n\x0c                                                                                                     APPENDIX IX\n                                     CORPORATION COMMENTS\n\n       Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\n\nBank Profile:\nBank is INACTIVE. This institution resulted from the merger of two institutions in 2000, with\nthe charter of the first bank being dissolved. The surviving institution changed its name to\nInstitution #30 and relocated its main office. This institution subsequently merged into another\ninstitution in 2001. The last FDIC ROE was completed in 1999.\n\nThe money-laundering risk at this institution prior to its merger was low. The customer base was\nlocal and appeared well known by bank personnel. Nothing in the ROEs indicates any unusual\nor suspect transactions. The last two FDIC ROEs rated management highly. Management has\nbeen highly rated since 1982.\n\nAssessment of Follow-up Action:\nSupervisory action was taken by sending a transmittal letter requesting bank management to\neliminate deficiencies cited in the ROE. Supervisory action was taken within 33 days of the\nexamination start date and was completed upon receiving a satisfactory response from\nmanagement within 81 days from the start of the examination. Adequate supervisory action was\ntaken given that the bank corrected the apparent violations during normal course of supervision.\n\nInstitution # 33                                                                  Low BSA Risk\n\n    Date           Total              Rating                     BSA Violations (#)\n                   Assets\n                 ($ Million)\n     2002           $151 - $200   Highly Rated NA\n     2001           $126 - $150   Highly Rated (1)- Independent testing/326.8(c)(2)\n     1999           $126 - $150   Highly Rated NA\n     1998           $126 - $150   Highly Rated None\n State does include BSA examination procedures within the scope of its regular examinations.\n\nOIG Concern:\nFollow-up did not occur within 12 months on violations and concerns noted in FDIC ROE dated\nin 2001.\n\nSupervisory Action:\nThe 2001 FDIC ROE cited violations of Section 326.8 for a lack of independent testing of the\nBSA compliance program. Violation occurred because audit of the program was being\nconducted by the bank\xe2\x80\x99s BSA officer, thereby inhibiting the independence of the review. The\nviolation was not a repeat from prior examinations and did not result in a formal action against\n\n\n\n\n                                                        116\n                                     This Report Contains Confidential Information\n                    For Official Use Only                                   Restricted Information\n\x0c                                                                                                  APPENDIX IX\n                                  CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nthe bank. A letter from the chairman of the board and president of the bank, dated two months\nlater in 2001, in response to the examination findings, stated that the infraction had been\ncorrected by separating the BSA officer from the audit function. To date, a follow-up\nexamination has not been conducted by the FDIC. Since the last FDIC examination, there have\nbeen two independent reviews of BSA by the bank (2002 and 2003).\n\nBank Profile:\nBank is a $151-$200 million institution serving rural communities of less than 7,000 residents in\nthe Mid-Atlantic Region. Bank has been highly rated over the last 10 years. Bank management\nhas also been highly rated since 1994, which includes the last three FDIC examinations. Bank is\nfinancially strong and has good management. The overall BSA program is adequate and the\nviolation was considered minor. The bank committed to correcting the infraction and responded\nto the RO within 90 days of the date of the FDIC ROE.\n\nAssessment of Follow-up Action:\nIn the transmittal letter sent to the bank by the RO, accompanying the FDIC ROE, management\nwas asked to provide a written response to examination criticisms. Bank management provided\na written response to the RO in 2001, stating that corrective action had been implemented. This\nletter was sent to the RO within 90 days after the examination date.\n\n\n\n\n                                                     117\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0c                                                                                                    APPENDIX IX\n                                    CORPORATION COMMENTS\n\n       Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nInstitution # 34                                                                 Low BSA Risk\n\n    Date           Total             Rating                     BSA Violations (#)\n                   Assets\n                 ($ Million)\n     2003           $250 - $500      Highly Rated NA\n     2002           $250 - $500      Highly Rated (11)- Exempt filing/103.22(d)*\n     2001           $250 - $500      Highly Rated NA\n     2000           $250 - $500      Highly Rated None\n     1999           $250 - $500      Highly Rated NA\n     1998           $250 - $500      Highly Rated None\n *violation was not cited in ROE, although code 6604 was entered into BSA data entry form for\n examination. Comments contained in confidential section of ROE.\n State does include BSA examination procedures within the scope of its regular examinations.\n\nOIG Concern:\nFollow-up did not occur within 12 months on violations and concerns noted in FDIC ROE dated\nin 2002.\n\nSupervisory Action:\nThe 2002 FDIC ROE reported violations of Part 103 for failure to properly file CTR exemption\nforms for customers included on its exemption list. The violations cited were not repeat\nviolations, and no formal action was taken against the bank for the violations. The bank filed the\nexemption forms during the examination in 2002, which corrected the infractions.\n\nBank Profile:\nBank is a $250-$500 million institution on the East Coast. Generally, the bank\xe2\x80\x99s branches serve\na rural community of less than 10,000 residents. The bank has been highly rated since 1994.\nBank management has also been highly rated 1995, which includes the last four FDIC\nexaminations. Bank is financially strong with good management. Violations do not indicate\nsystemic risk in BSA compliance program. Overall program is considered adequate. Neither the\nbank nor its customer base has been determined to be involved in high-risk activities.\n\nAssessment of Follow-up Action:\nThe examination started in 2002, and concluded one month later. Bank management filed\nexemptions prior to the conclusion of the examination. Copies were provided to examiners and\nretained in examination work papers. No additional follow-up supervisory action was necessary,\nas bank management corrected the deficiencies during the examination. This deficiency was not\nrepeated at the subsequent examination.\n\n\n\n\n                                                       118\n                                    This Report Contains Confidential Information\n                   For Official Use Only                                   Restricted Information\n\x0c                                                                                                     APPENDIX IX\n                                     CORPORATION COMMENTS\n\n       Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nInstitution # 37                                                                  Low BSA Risk\n\n   Date         Total           Rating                          BSA Violations (#)\n                Assets\n              ($ Million)\n   2003           $0 - $10     Highly Rated  NA\n   2002           $0 - $10     Highly Rated  (1)- Independent testing/326.8(c)(2); (1)- Inadequate\n                                                  training/326.(c)(4);\n                                             (1)- Exempt designation/103.22(d)(11)(iii);\n                                             (1)- Exempt bank/103.22(d)(3)(ii);\n                                             (1)- Exempt review/103.22(d)(4)\n    2000           $0 - $10   Highly Rated NA\n    1999           $0 - $10   Highly Rated (1)- Independent testing/326.8(c)(2); (1)- Inadequate\n                                                  training/326.8(c)(4);\n                                             (1)- Identity record (non-customer)/103.29(A)(2)(i)(ii);\n                                             (1)- Identity record (customer)/103.29(A)(1)(i)(ii);\n                                             (1)- Exemption form/103.22(d)\n    1998           $0 - $10   Highly Rated NA\n    1997           $0 - $10   Highly Rated (2)- Biennial exemptions/103.22(h)(3)(ii);\n                                             (2)- Exemption list/103.22(f);\n                                             (1)- Independent testing/326.8(c)(2);\n                                             (1)- Inadequate training/326.8(c)(4);\n                                             (1)- Exempt designation/103.22(d)\n State performs limited BSA examinations and reviews prior BSA violations.\n\nOIG Concern:\nDuring examinations conducted in 1997, 1999, and 2002, the bank was cited for violations\nrelated to the lack of independent testing of BSA compliance and failure to provide adequate\nBSA training. Corrective action was not taken until after the 2002 examination. The FDIC\nissued a Cease and Desist Order in 2002, more than 60 months (5 years) after the violations were\ninitially cited. Accordingly, the institution operated for more than 5 years without complying\nwith the minimum requirements of a BSA compliance program as required by Section 326.8.\n\nSupervisory Action:\nThe FDIC cited repeat BSA-related apparent violations in its 1999 and 2002 ROEs. The repeat\nviolations pertain to the bank\xe2\x80\x99s BSA training program and independent testing for BSA\ncompliance. However, there were no repeat violations cited for other BSA compliance\nrequirements, indicating that the bank\xe2\x80\x99s BSA compliance program was effective in practice.\n\n1997 Examination\nThe 1997 FDIC ROE cited the following apparent violations: Section 326.8(c)(2), which\nrequires a system of independent testing for compliance with the BSA; and Section 326.8(c)(4),\n\n\n\n\n                                                        119\n                                     This Report Contains Confidential Information\n                    For Official Use Only                                   Restricted Information\n\x0c                                                                                                  APPENDIX IX\n                                  CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nwhich requires training of appropriate personnel. The 1997 Summary Analysis of Examination\nReport (SAER) comment stated, \xe2\x80\x9cThe violations occurred due to management\xe2\x80\x99s lack of\nfamiliarity with the regulations.\xe2\x80\x9d\n\nThe 1999 FDIC ROE again cited apparent violations of the two above-referenced regulations.\nDespite the repeat apparent violations, the FDIC pursued no supervisory action. The 1999 SAER\ncomment stated, \xe2\x80\x9cManagement agreed to make corrections, and the examiner does not believe\nthat regulatory action is necessary.\xe2\x80\x9d\n\nThere were no other repeat BSA-related apparent violations cited, indicating that, despite the\nbank\xe2\x80\x99s lack of a formal employee-training program and the lack of independent BSA compliance\ntesting, that the bank\xe2\x80\x99s BSA compliance program remained effective in practice.\n\nThe 2002 FDIC ROE again cited apparent violations of the two above-referenced regulations\n(third consecutive examination). In 2002, the FDIC issued a formal enforcement action pursuant\nto Section 8(s) of the FDI Act, specifically targeting the bank\xe2\x80\x99s failure to comply with the BSA.\n\nExaminers conducted visitations of the bank to review management\xe2\x80\x99s progress in complying\nwith the Order mid-year 2002, and the following quarter in 2002. The Order was terminated a\nfew weeks later, following the 2002 visitation, which found the bank in compliance with BSA.\nGiven the bank\xe2\x80\x99s compliance with the Cease and Desist Order, the bank is considered a low BSA\nrisk.\n\nBank management did not follow through as agreed in the 1999 and 2002 examinations; as a\nresult the RO issued a formal enforcement action addressing the repeat violations for an\ninadequate testing of the BSA program and training of bank personnel. The bank has since\ncomplied with the formal action which was subsequently terminated within three months of\nissuance.\n\nBank Profile:\nThe bank is a $0-$10 million community bank in the West. Historically, the bank\xe2\x80\x99s BSA-related\nactivities have been negligible. The bank has filed only twelve CTRs since 1997 (three in 1997,\ntwo in 2001, three in 2002, and four in 2003). Management has been highly rated at every\nexamination conducted since the 1999 examination. Two examinations conducted in 1998 and\nin 1997 indicate a management rating of moderate. The most recent examination of the\ninstitution was in 2003 resulting in a high rating.\n\n\nAssessment of Follow-up Action:\n\n\n\n\n                                                     120\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0c                                                                                                  APPENDIX IX\n                                  CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nThe DSC concurs in general with the OIG regarding the follow-up for this bank. A Cease and\nDesist Order was issued in 2002 for the bank\xe2\x80\x99s non-compliance with the BSA. The bank was\ncited for repeated violations for lack of testing and training which dated back to 1997. While\nbank management indicated their willingness to comply, action should have been taken prior to\nthe 2002 examination.\n\n\n\n\n                                                     121\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0c                                                                                                    APPENDIX IX\n                                    CORPORATION COMMENTS\n\n       Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\n\nInstitution # 39                                                                 Low BSA Risk\n\n   Date         Total          Rating                        BSA Violations (#)\n                Assets\n              ($ Million)\n   2003          $26 - $50   Highly Rated    (1)- Independent testing/326.8(c)(2)\n   2002          $26 - $50   Highly Rated    NA\n   2001          $26 - $50   Highly Rated    (4)- Instrument log/103.29(a);\n                                             (1)- Independent testing/326.8(c)(2)\n    1999          $26 - $50 Highly Rated NA\n    1998          $26 - $50 Highly Rated (1)- Independent testing/326.8(c)(2);\n                                             (1)- BSA Officer/326.8(c)(3)\n State performs limited BSA examinations or reviews prior BSA violations.\n\nOIG Concern:\nDuring its examinations conducted in 1998, 2001, and 2003, the bank was cited for violations\nrelated to lack of independent testing of BSA compliance. Corrective action was not taken until\n2003, when the FDIC, state regulatory agency and the bank signed an MOU to correct BSA\nviolations, more than 60 months (5 years) without complying with the minimum requirements of\na BSA compliance program as required by Section 326.8.\n\nSupervisory Action:\nThe violation cited in 1998 was corrected later that year. The bank\xe2\x80\x99s BSA compliance did\nrelapse subsequent to the 1998 examination, as determined during the 2001 examination, but the\nRO chose not to pursue an enforcement action given earlier corrections and management\xe2\x80\x99s\npromises of action. The FDIC\xe2\x80\x99s 2001 examination again criticized the lack of independent\ntesting (and failure to obtain and retain information regarding the issuance of four cashiers\nchecks), but also confirmed that management did conduct independent testing in 1998 and\nrevised the bank\xe2\x80\x99s BSA policies in response to the 1998 examination. However, there was a\nfailure to continue the independent testing in 1999 and 2000. In 2001, management again\npromised corrective action and this time agreed to contact the bank\xe2\x80\x99s external auditor to arrange\nfor ongoing independent audits of BSA compliance. Because of this commitment, the RO did\nnot pursue an enforcement action.\n\nThe state conducted an independent examination in 2002. The ROE addressed BSA compliance\nand stated that, all [BSA] deficiencies have been corrected, with one minor exception. Based on\nthe examiner\xe2\x80\x99s assessment of the bank\xe2\x80\x99s deficiencies in the BSA program, the FDIC concluded\nthat enforcement action was not necessary at that time.\n\n\n\n\n                                                       122\n                                    This Report Contains Confidential Information\n                   For Official Use Only                                   Restricted Information\n\x0c                                                                                                  APPENDIX IX\n                                  CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\n\nThe FDIC\xe2\x80\x99s 2003 ROE cited the lack of independent testing of BSA compliance. This time, the\nRO did not accept management\xe2\x80\x99s commitment to correct the deficiency without enforcement\naction. A joint MOU with the state became effective in 2003, within 60 days of the date of the\nexamination. Compliance testing was required.\n\nThe Bank\xe2\x80\x99s report of compliance with the MOU:\n\nThe bank\xe2\x80\x99s progress report was received on time late 2003. The following is a summary of the\ninstitution\xe2\x80\x99s compliance with each of the provisions:\n\n1.     Establish a program and conduct independent testing for compliance with BSA and 31\n       Code of Fed. Regs., Section 103, within 60 days and annually thereafter: The board of\n       directors reports compliance. The board adopted a new policy two months ago and a vice\n       president, who is independent of the BSA recordkeeping function, conducted testing and\n       reported to the board on last month. The vice president\xe2\x80\x99s report indicates substantial\n       compliance with the MOU, including BSA recordkeeping and reporting requirements.\n       Technical deficiencies were noted in wire transfer records, CTRs, and CTR exemption\n       records, but there were few of them and corrective action has been taken. The vice\n       president gave a positive attestation to the overall integrity and effectiveness of\n       management systems and controls over BSA. The bank purchased Internet-based BSA\n       training programs and training has been conducted. A new BSA officer has designated\n       who oversees continuing training. The bank has also engaged an independent firm, to\n       conduct BSA compliance testing as part of the external audit for 2003.\n\n2.     Provide a copy of the BSA compliance plan detailing the form and manner of any actions\n       taken to secure compliance with the MOU within 90 days (2003): The required\n       information was received in late 2003.\n\nManagement has achieved substantial compliance with the MOU, but one of the conditions is\nongoing in nature, and final determination for compliance with the MOU will be made by field\nexaminers onsite at the next full-scope examination or visitation.\n\nBank Profile:\nThe institution is a very small community bank ($26-$50 million) located in the West. Its BSA\nactivities are minimal. The bank was cited for lack of independent testing of BSA compliance \xe2\x80\x93\nnot violations of the other key BSA compliance requirements. Management has been highly\nrated throughout the audit period. The most recent examination of the institution was in 2003,\nwith a high rating.\n\n\n\n\n                                                     123\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0c                                                                                                     APPENDIX IX\n                                     CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\n\nAssessment of Follow-up Action:\nThe examination team cited two violations at the 1998 examination which were partially\ncorrected before the 2001 examination. At this examination, the bank was cited again for a lack\nof testing for BSA compliance. Bank management indicated that corrective action would be\ntaken and based upon management\xe2\x80\x99s reputation for correcting previously cited violations and\ndeficiencies noted in the ROE, no enforcement action was necessary. As noted in the 2002 state\nexamination, all [BSA] deficiencies were corrected except for one exemption limit on a local\nbusiness. There was no reason to believe that bank management would not again correct the\nviolations cited in the examination. However, a 2003 examination indicated a violation for lack\nof independent testing of the BSA program. A joint MOU was issued in 2003. The bank is\nsubmitting progress reports which indicate testing of the BSA program is being performed.\nGiven management\xe2\x80\x99s prior commitments to correct violations and implement recommendations,\nthe actions implemented by the RO were adequate.\n\nInstitution # 40                                                                  Low BSA Risk\n\n    Date           Total          Rating                         BSA Violations (#)\n                   Assets\n                ($Million)\n    2003        $251 - $500     Highly Rated     None\n    2002        $251 - $500     Highly Rated     NA\n    2001        $151 - $200     Highly Rated     None\n    2000        $151 - $200     Highly Rated     NA\n    2000        $126 - $150     Highly Rated     None\n    1998        $101 - $125     Highly Rated     NA\n    1997         $51 - $100     Highly Rated     (6)- Customer record (monetary log)/103.29(a)(1);\n                                                 (4)- Late CTR filings/103.27(a);\n                                                 (2)- Improper exemption or limit/103.22(b)(c);\n                                                 (1)- CTR filing/103.22(a);\n                                                 (1)- Identity record (non-customer)/103.29(a)(2)(i)(ii);\n                                                 (1)- Exemption list/103.22(f)\n State performs BSA examinations.\n\nOIG Concern:\nFDIC ROE dated in 2003, cited several deficiencies in the bank\xe2\x80\x99s BSA compliance program;\nhowever, no violations were cited and no follow-up supervisory action was taken. OIG\ndetermined FDIC response to violations cited at 1997 examination was adequate.\n\nSupervisory Action:\n\n\n\n\n                                                        124\n                                     This Report Contains Confidential Information\n                    For Official Use Only                                   Restricted Information\n\x0c                                                                                                 APPENDIX IX\n                                 CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nIn the 2003 ROE, minor recommendations were made to management and no follow-up action\nwas deemed necessary.\n\nTechnical violations of Part 103 were cited at the 1997 FDIC independent examination, but no\nsubsequent violations have been cited. ROEs subsequent to the 1997 examination consistently\nindicate the bank has an adequate BSA program in place. The FDIC last examined the bank in\n2003. The examiner-in-charge, who also reviewed BSA, concluded that the internal audit of\nBSA is thorough, cash transaction volume is moderate, and the program is adequate. Minor\nrecommendations were provided to management, and no apparent violations were noted. It is for\nthese reasons that this institution is considered to have a low BSA risk profile.\n\n\n\nBank Profile:\nThe bank is a moderately-sized community bank ($251-$500 million) that engages in traditional\nbanking activities. Management has been highly rated at every examination conducted in the\n1997 to 2003 time frame. The most recent examination of the institution was in 2003 with a high\nrating.\n\nAssessment of Follow-up Action:\nMinor deficiencies were noted in BSA compliance program at the 2003 examination. However,\nno violations were cited, and management committed to corrective action. No additional\nsupervisory follow-up action was necessary. Furthermore, violations from the 1997 examination\nwere corrected during the RO review process. The bank has not been cited for any violations\nsince that time. Adequate supervisory action was taken at the time of the violations.\n\n\n\n\n                                                    125\n                                 This Report Contains Confidential Information\n                For Official Use Only                                   Restricted Information\n\x0c                                                                                                     APPENDIX IX\n                                     CORPORATION COMMENTS\n\n       Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nInstitution # 41                                                                  Low BSA Risk\n\n    Date           Total             Rating                      BSA Violations (#)\n                  Assets\n                ($ Million)\n    2002              $0 - $10     Highly Rated  None\n    2001              $0 - $10     Highly Rated  None\n    2000              $0 - $10     Highly Rated  NA\n    1999              $0 - $10     Highly Rated  (1)- Independent testing/326.8(c)(2);\n                                                 (1)- Inadequate controls/326.8(c)(1)\n     1998             $0 - $10  Highly Rated NA\n     1997             $0 - $10  Highly Rated (1)- Inadequate controls/326.8(c)(1);\n                                                 (1)- Inadequate training/326.8(c)(4)\n State does not perform BSA examinations but reviews prior BSA violations.\n\nOIG Concern:\nThe OIG is concerned with the repeated violations of Section 326.8(c)(1) for failure to provide\nfor a system of internal controls to assure ongoing compliance and Section 326.8(c)(4) for failure\nto provide training for appropriate personnel.\n\nSupervisory Action:\nAt the 1997 examination the FDIC cited two BSA violations: failure to provide for a system of\ninternal controls to assure ongoing compliance; and failure to provide training for appropriate\npersonnel.\n\nAt the 1999 examination the FDIC again cited two BSA violations, one of which was a repeat\nviolation from the 1997 examination. The repeat violation was failure to comply with Section\n326.8(c)(1). The second violation was failure to comply with Section 326.8(c)(2) and provide\nfor independent testing for compliance to be conducted by bank personnel or by an outside party.\n\nFDIC staff discussed the BSA issues with management and the bank\xe2\x80\x99s board following each\nexamination. The bank achieved partial correction following the 1997 examination, by\ninstituting BSA training. All BSA violations were corrected following the 1999 examination,\nand no violations have been cited in subsequent examinations. For this small bank with limited\nresources, and importantly, limited exposure to currency transactions, bank management\xe2\x80\x99s\nperception was that the regulatory requirements in this area did not fully apply to their\nuncommon banking operation. The FDIC\xe2\x80\x99s supervisory approach was effective. The FDIC\ninformed management and the board of the importance and applicability of the regulations and\nguided the bank into full compliance.\n\n\n\n\n                                                        126\n                                     This Report Contains Confidential Information\n                    For Official Use Only                                   Restricted Information\n\x0c                                                                                                     APPENDIX IX\n                                     CORPORATION COMMENTS\n\n       Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nBank Profile:\nThe bank is a former thrift that converted to an industrial loan company charter in 1986. The\ncurrent owner is considered very conservative and has kept the bank operating in much the same\nmanner as it operated under the thrift charter. The bank has had little growth since 1986; total\nassets as of quarter-end 2003, were $0-$10 million. In keeping with a traditional thrift operation,\nthe bank is primarily a real estate lender that portfolios the majority of its loans. For funding, the\nbank uses small certificates of deposit and Federal Home Loan Bank lines of credit.\nSignificantly, the bank advertises as a non-cash bank and holds very few demand deposits. And\nof the demand deposits held, a substantial portion may represent disbursed loan proceeds at any\ngiven time. The bank operates out of a business office and has no teller stations and is\nconsidered a low-BSA risk. Management has been highly rated in the three examinations\nconducted in 2002, 2001 and 1998. Management was also moderately rated in the 1999 and\n1997 examinations. The most recent examination of the institution was in 2002, with a high\nrating.\n\nAssessment of Follow-up Action:\nThe bank achieved partial correction following the 1997 examination by instituting BSA\ntraining. All BSA violations were corrected following the 1999 examination, and no violations\nhave been cited in subsequent examinations. Follow-up was considered adequate for the size\nand transactions conducted by the bank.\n\n\nInstitution removed from OIG sample\nin January 2004                                                                   Low BSA Risk\n    Date           Total              Rating                     BSA Violations (#)\n                   Assets\n                   ($Million)\n     2003            Over $500    Highly Rated None\n     2001            Over $500    Highly Rated (52)- CTR filing errors/103.27(d)\n     2000            Over $500    Highly Rated None\n     1999            Over $500    Highly Rated None\n     1998           $251 - $500   Highly Rated None\n     1997           $251 - $500   Highly Rated None\n State does not include BSA examination procedures within the scope of its regular examinations,\n but does conduct follow-up on BSA violations cited in prior examinations.\n\nOIG Concern:\nFollow-up did not occur within 12 months on violations and concerns cited in FDIC ROE dated\nin 2001. Bank was subsequently (January 2004) eliminated by OIG from final report.\n\n\n\n\n                                                        127\n                                     This Report Contains Confidential Information\n                    For Official Use Only                                   Restricted Information\n\x0c                                                                                                    APPENDIX IX\n                                    CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\n\nSupervisory Actions:\nThe 2001 ROE cited apparent violations of Part 103 for incorrectly filling out numerous CTRs.\nSpecifically, management failed to check boxes to indicate \xe2\x80\x9cmultiple persons\xe2\x80\x9d and did not\nprovide information for customers \xe2\x80\x9cdoing business as\xe2\x80\x9d within the appropriate areas on the forms.\nManagement committed to corrective action during the examination. These infractions were\nconsidered to be technical in nature and did not result in any type of formal action. The state\nconducted an examination in 2003 and determined that the institution had corrected the\ndeficiencies resulting in the violations cited at the FDIC examination. Although the state ROE\ndoes not comment on BSA, a scope memorandum provided by the state indicates that corrective\naction relating to prior BSA violations would be reviewed.\n\nAlthough the OIG indicates that these violations are repeated from prior examinations, the region\nasserts that prior to the 2001 examination there had not been any other violations cited in\nprevious ROEs of this bank through the OIG\xe2\x80\x99s audit period.\n\nBank Profile:\nBank is over $500 million in total assets serving a small state, as well as the southern portion of\nan adjoining state. The county reports a population of just over 200,000. Bank has been highly\nrated since 1993. Bank management has been highly rated since 1997.\n\nAssessment of Follow-up Action:\nThe apparent violations were technical in nature. The bank is financially sound with strong\nmanagement. Overall BSA compliance program is adequate and management committed to\ncorrective action. The RO did not pursue a formal response due to management\xe2\x80\x99s commitment\nduring the examination to correct the deficiencies. The state followed up on the FDIC\nexamination findings with a review of prior violations (including BSA) within 15 months and did\nnot repeat the criticism in this area.\n\nInstitution removed from OIG sample\nIn January 2004                                                                  Low BSA Risk\n\n  Date        Total           Rating                         BSA Violations (#)\n              Assets\n            ($ Million)\n  1998        $51 - $100    Highly Rated     (1)- Written BSA Policy/326.8(b);\n                                             (1)- Independent Testing/326.8(c)(2); (1)- BSA\n                                             Officer/326.8(c)(3)\n Bank merged with another bank in 2000.\n\n\n\n\n                                                       128\n                                    This Report Contains Confidential Information\n                   For Official Use Only                                   Restricted Information\n\x0c                                                                                           APPENDIX IX\n                           CORPORATION COMMENTS\n\nInternal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\n\n\n\n                                              129\n                           This Report Contains Confidential Information\n          For Official Use Only                                   Restricted Information\n\x0c                                                                                                  APPENDIX IX\n                                  CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nOIG Concern:\n\n\nFollow-up did not occur within 12 months on violation cited in the 1998 FDIC ROE. Bank was\nsubsequently (January 2004) eliminated by OIG from final report.\n\nSupervisory Action:\nThe 1998 ROE cited apparent violations of Section 326.8 for failure to have a written BSA\nprogram, lack of method for independent testing, and failure to designate a BSA Officer.\nHowever, examiners deemed the procedures for BSA compliance to be satisfactory.\nManagement committed to corrective action during the examination. The bank merged with\nanother institution in 2000.\n\nAlthough the OIG indicates that these violations are repeated from prior examinations, the region\nasserts that prior to the 1998 examination there had not been any other violations cited in\nprevious ROEs of this bank through the OIG\xe2\x80\x99s audit period.\n\nBank Profile:\nBank is INACTIVE. At the time of the last examination, the bank was a $51-$100 million\ninstitution in a northeast state. The bank was highly rated at its last examination, a rating which\ndates back to 1992. Bank management had been highly rated since 1983, which includes the last\nfive FDIC examinations.\n\nAssessment of Follow-up Action:\nThe overall BSA compliance program is adequate; however, procedures were not condensed to\nwriting. Bank management was criticized during examination, but formal response was not\nrequired from the institution due to a commitment to implement corrective action. The bank\nmerged with another institution prior to a subsequent examination.\n\n\n\n\n                                                     130\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0c                                                                                                  APPENDIX IX\n                                  CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nCONCLUSION OF DSC SUPERVISORY APPROACH TO OIG-SAMPLED INSTITUTIONS\n\nThe DSC\xe2\x80\x99s findings regarding the sampled institutions indicate that in the vast majority (38 of\n41, or 92.7 percent) of instances, the DSC responded expeditiously while incorporating the\nsufficient response time for bank management to correct identified problems. In serious cases\nwhere bank management willfully neglected BSA rules or was unresponsive to regulatory\ncriticism and guidance, or when the DSC identified insider abuse, enforcement action was taken.\nThe assessment of the OIG\xe2\x80\x99s sample confirms the DSC\xe2\x80\x99s effective supervisory approach to the\nBSA. There were three instances where the DSC could have acted more quickly; however,\nresolution to the BSA concerns did occur.\n\nSubsequent to questions raised by the OIG during the audit, the DSC\xe2\x80\x99s Regional and Washington\noffices undertook a detailed analysis of the OIG\xe2\x80\x99s 41-bank sample. In 38 of the 41 cases, we\nfound the supervisory actions to be consistent with the problems identified and the risks posed by\nthe circumstances. In hindsight, the DSC found that three cases of supervisory actions could\nhave been deployed in a better manner. As a result, the lessons learned have been utilized to\nimprove our internal supervisory processes. The FDIC supervises a majority of small\ninstitutions. These community-based institutions operate with simple manual and automated\nsystems. Therefore, it is not unusual that a sample of such institutions would yield apparent\nviolations of a technical nature without exposing the institutions\xe2\x80\x99 BSA programs to increased\nmoney laundering risk. Our small, community banks actually have a strong inherent deterrent to\nmoney laundering since they operate in areas where bank management\xe2\x80\x99s knowledge of\ncustomers is high, making criminal action harder to disguise. In fact, of the 41 sample banks, 22,\nor 54%, are very small banks with total assets of less than $80 Million, and seven more sample\nbanks fall in the under $150 Million range. Only two of the sample banks were larger than $1\nBillion in total assets. The three institutions that the DSC identified where supervisory actions\ncould have been strengthened had total assets of $10 Million, $70 Million, and $187 Million.\n\nProgram problems that expose an institution to increased vulnerability to criminal activity\nare, as necessary, aggressively addressed with formal actions. However, in the vast\nmajority of cases, an appropriate supervisory response does not include a formal action.\nThe FDIC believes our supervisory approach using technical guidance, moral suasion and\na gradual escalation of enforcement action is appropriate. Refer to Exhibit I for a legal\ninterpretation of formal actions for BSA that are authorized under Section 8(s) of the\nFederal Deposit Insurance Act, 12 USC 1818(s).\n\n\n\n\n                                                     131\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0c                                                                                                  APPENDIX IX\n                                  CORPORATION COMMENTS\n\n      Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\nAPPENDIX B: History of the BSA\n\nThe responsibility for the implementation of the BSA, including its recent amendments required\nby the USA PATRIOT Act, rests with the Secretary of Department of the Treasury. The FDIC\nhas been charged [under Section 8(s) of the FDI Act] to prescribe regulations requiring insured\ndepository institutions to implement a BSA compliance program (Section 326.8 of FDIC Rules\nand Regulations); review BSA compliance procedures when conducting examinations and\ndocument deficiencies in the ROEs; and employ supervisory action when it has been determined\nthat an insured depository institution has failed to establish and maintain a BSA compliance\nprogram or has failed to correct any previously reported problem with the BSA compliance\nprocedures. In addition, Section 31 CFR 103.56(e) requires the FDIC to periodically provide\nspecific violations of 31 CFR 103 as well as apparent violations of FDIC Rules and Regulations\nPart 326 Subpart B to the Assistant Secretary of the Treasury.\n\nOn October 26, 1970, Congress passed the BSA which amended Title 31 of the United States\nCode, Subtitle IV, Chapter 53, and Subchapter II. The purpose of this subchapter (except section\n5315) is to require certain reports or records where they have a high degree of usefulness in\ncriminal, tax, or regulatory investigations or proceedings. The statute authorizes the Secretary of\nthe Treasury to prescribe filing procedures and designate financial institutions and transactions as\nwell as promulgate regulations to meet the requirements of the BSA. The implementing\nregulations of the BSA are Treasury\xe2\x80\x99s regulations Part 103 - Financial Recordkeeping and\nReporting of Currency and Foreign Transactions (31 CFR Part 103). Collectively, the Treasury\nregulations and the BSA statute are commonly referred to by the banking industry as the BSA\nrules.\n\nAlthough the BSA has been in effect for over 30 years, its significance and priority escalated in\nthe wake of the September 11, 2001, terrorist attacks against the U.S. Shortly after this tragic\nevent, the USA PATRIOT Act of 2001 was passed. This Act expanded the anti-money\nlaundering provisions of the original law and brought the issue of money laundering to the\nforefront, once again. BSA compliance and anti-money laundering programs are now one of the\nhighest priorities for the industry, regulators, and law enforcement authorities. Additionally, in\nMarch 2003, Treasury established its Executive Office for Terrorist Financing and Financial\nCrimes (EOTF/FC), the office that focuses on combating money laundering and terrorist\nfinancing. After the USA PATRIOT Act was passed, the FinCEN was established as a formal\nbureau of the Treasury. The focus of the BSA from a risk-management perspective is that an\ninstitution\xe2\x80\x99s failure to implement an adequate compliance program is punishable by monetary\nfines that can be assessed by FinCEN. Additionally, the FDIC can initiate enforcement actions\nagainst FDIC-supervised institutions and IAPs for serious and/or uncorrected problems with an\ninstitution\xe2\x80\x99s BSA compliance program.\n\n\n\n\n                                                     132\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0c                                                                                                  APPENDIX IX\n                                  CORPORATION COMMENTS\n\n       Internal Assessment of DSC\xe2\x80\x99s Program to Evaluate Bank Compliance with the BSA.\n\n\n\nBSA Legislative Changes\n\nThere have been many amendments made to the BSA statute through the years, which in turn\nhave required additions, deletions, and revisions to the parallel regulations of the Treasury as\nwell as the Federal Deposit Insurance Act. Some of the major amendments to the BSA are:\n\n   \xe2\x80\xa2    Money Laundering Control Act (October 27, 1986) which criminalized money laundering\n        and prohibited structuring transactions to avoid BSA reporting requirements.\n\n   \xe2\x80\xa2    Annunzio-Wylie Money Laundering Suppression Act (October 28, 1992) which required\n        SARs.\n\n   \xe2\x80\xa2    Money Laundering Suppression Act (September 23, 1994) which reduced burden\n        involved in the CTR exemption process.\n\n   \xe2\x80\xa2    Money Laundering and Financial Crimes Strategy Act (October 30, 1998) which\n        improved cooperation and coordination between regulators, law enforcement, and the\n        financial service industry.\n\n   \xe2\x80\xa2    United and Strengthening America by Providing Appropriate Tools to Restrict, Intercept,\n        and Obstruct Terrorism Act (\xe2\x80\x9cUSA PATRIOT ACT\xe2\x80\x9d) (October 26, 2001) which\n        generally required additional due diligence on customers, accounts, and transactions to\n        prevent money laundering and terrorist financing activity in domestic financial\n        institutions.\n\n\n\n\n                                                     133\n                                  This Report Contains Confidential Information\n                 For Official Use Only                                   Restricted Information\n\x0c                                                                                                                                                   APPENDIX X\n\n                                               MANAGEMENT RESPONSES TO RECOMMENDATIONS\n\nThis table presents the management responses that have been made on recommendations in our report and the status of recommendations as of the date of report\nissuance. The information in this table is based on management\xe2\x80\x99s written response to our report and subsequent communication with management representatives.\n\n                                                                                                                                                         Open\n Rec.                                                                         Expected              Monetary        Resolved:a   Dispositioned:b          or\nNumber         Corrective Action: Taken or Planned/Status                  Completion Date          Benefits        Yes or No      Yes or No            Closedc\n    1       DSC agreed with this recommendation. The DSC will, in           March 30, 2005              $0             Yes             No                Open\n            coordination with its current initiatives to revisit and\n            update FDIC guidance and with inter-agency cooperation,\n            address formal supervisory actions, follow-up actions,\n            citation of apparent violations and record keeping, and\n            backfiling of CTRs and will work with the FDIC Legal\n            Division to clarify, and update as necessary, enforcement\n            action guidance on BSA.\n    2       DSC agreed with the recommendation. The DSC                    December 31, 2004            $0             Yes             No                Open\n            representative to the Financial Crimes Enforcement\n            Network\xe2\x80\x99s Bank Secrecy Act Advisory Group will\n            introduce the question raised on referral guidelines at an\n            upcoming meeting.\n    3       DSC agreed with this recommendation and stated that it is       March 30, 2005              $0             Yes             No                Open\n            focused on strengthening processes to address variations in\n            the state examination coverage of BSA and believes this\n            action will increase the consistency and reliability of the\n            follow-up to its BSA examinations.\na\nResolved \xe2\x80\x93(1) Management concurs with the recommendation, and the planned corrective action is consistent with the recommendation.\n          (2) Management does not concur with the recommendation but planned alternative action is acceptable to the OIG.\n          (3) Management agrees to the OIG monetary benefits or a different amount, or no ($0) amount. Monetary benefits are considered resolved as long as\n              management provides an amount.\nb\n Dispositioned \xe2\x80\x93 The agreed-upon corrective action must be implemented, determined to be effective, and the actual amounts of monetary benefits achieved\nthrough implementation identified. The OIG is responsible for determining whether the documentation provided by management is adequate to disposition the\nrecommendation.\nc\nOnce the OIG dispositions the recommendation, it can then be closed.\n\n\n\n\n                                                                                  134\n                                                               This Report Contains Confidential Information\n                                              For Official Use Only                                   Restricted Information\n\x0c"